Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
KASHI SHIP PARTICULARS.pdf.scr.exe

Overview

General Information

Sample name:KASHI SHIP PARTICULARS.pdf.scr.exe
Analysis ID:1576081
MD5:42555dbdcc01fddb6e68265cc5704b5b
SHA1:543e5153ad0bc094841e40330567ac8e9abb2d48
SHA256:2b1c8e28590c81630fe3c284857734161139c1998cdd28e899cd1049bf5fff0d
Tags:exeuser-adrian__luca
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large strings
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Contains functionality to log keystrokes (.Net Source)
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Binary contains a suspicious time stamp
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • KASHI SHIP PARTICULARS.pdf.scr.exe (PID: 7296 cmdline: "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe" MD5: 42555DBDCC01FDDB6E68265CC5704B5B)
    • powershell.exe (PID: 7472 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://beirutrest.com", "Username": "belogs@beirutrest.com", "Password": "9yXQ39wz(uL+"}
SourceRuleDescriptionAuthorStrings
00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000004.00000002.3832717788.00000000029AC000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
        00000004.00000002.3832717788.0000000002981000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
          00000004.00000002.3832717788.0000000002981000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
            Click to see the 9 entries
            SourceRuleDescriptionAuthorStrings
            0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                • 0x312d3:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                • 0x31345:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                • 0x313cf:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                • 0x31461:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                • 0x314cb:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                • 0x3153d:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                • 0x315d3:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                • 0x31663:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpackMALWARE_Win_AgentTeslaV2AgenetTesla Type 2 Keylogger payloadditekSHen
                • 0x2e6c6:$s2: GetPrivateProfileString
                • 0x2ddc5:$s3: get_OSFullName
                • 0x2f403:$s5: remove_Key
                • 0x2f592:$s5: remove_Key
                • 0x30473:$s6: FtpWebRequest
                • 0x312b5:$s7: logins
                • 0x31827:$s7: logins
                • 0x3450a:$s7: logins
                • 0x345ea:$s7: logins
                • 0x35ee6:$s7: logins
                • 0x35184:$s9: 1.85 (Hash, version 2, native byte-order)
                0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  Click to see the 25 entries

                  System Summary

                  barindex
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", ParentImage: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe, ParentProcessId: 7296, ParentProcessName: KASHI SHIP PARTICULARS.pdf.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", ProcessId: 7472, ProcessName: powershell.exe
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", ParentImage: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe, ParentProcessId: 7296, ParentProcessName: KASHI SHIP PARTICULARS.pdf.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", ProcessId: 7472, ProcessName: powershell.exe
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", ParentImage: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe, ParentProcessId: 7296, ParentProcessName: KASHI SHIP PARTICULARS.pdf.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe", ProcessId: 7472, ProcessName: powershell.exe
                  No Suricata rule has matched

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeAvira: detected
                  Source: 4.2.KASHI SHIP PARTICULARS.pdf.scr.exe.400000.0.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://beirutrest.com", "Username": "belogs@beirutrest.com", "Password": "9yXQ39wz(uL+"}
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeReversingLabs: Detection: 73%
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeJoe Sandbox ML: detected
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.9:49723 version: TLS 1.2
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: hRHZe.pdb source: KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: Binary string: hRHZe.pdbSHA256= source: KASHI SHIP PARTICULARS.pdf.scr.exe

                  Networking

                  barindex
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3a0b978.4.raw.unpack, type: UNPACKEDPE
                  Source: Joe Sandbox ViewIP Address: 50.87.144.157 50.87.144.157
                  Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
                  Source: Joe Sandbox ViewIP Address: 172.67.74.152 172.67.74.152
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownDNS query: name: api.ipify.org
                  Source: unknownDNS query: name: api.ipify.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0Host: api.ipify.orgConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: api.ipify.org
                  Source: global trafficDNS traffic detected: DNS query: beirutrest.com
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3832717788.00000000029AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://beirutrest.com
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1379060097.0000000002931000.00000004.00000800.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3832717788.0000000002931000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3832717788.0000000002931000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3832717788.0000000002931000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3832717788.0000000002931000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.ipify.org/t
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                  Source: unknownHTTPS traffic detected: 172.67.74.152:443 -> 192.168.2.9:49723 version: TLS 1.2

                  Key, Mouse, Clipboard, Microphone and Screen Capturing

                  barindex
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, n00.cs.Net Code: lGCzgIzdr
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.raw.unpack, n00.cs.Net Code: lGCzgIzdr

                  System Summary

                  barindex
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                  Source: 4.2.KASHI SHIP PARTICULARS.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                  Source: 4.2.KASHI SHIP PARTICULARS.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3a0b978.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3a0b978.4.raw.unpack, type: UNPACKEDPEMatched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, Form1.csLong String: Length: 166868
                  Source: initial sampleStatic PE information: Filename: KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_028E42180_2_028E4218
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_028E6F920_2_028E6F92
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_028ED4240_2_028ED424
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06BE3E080_2_06BE3E08
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06BE26000_2_06BE2600
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06BE4C480_2_06BE4C48
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06BE3DF70_2_06BE3DF7
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06BE8DE00_2_06BE8DE0
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06BE42400_2_06BE4240
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_089A0FF80_2_089A0FF8
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_089A0FE80_2_089A0FE8
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_028EE5B84_2_028EE5B8
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_028E4A584_2_028E4A58
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_028E3E404_2_028E3E40
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_028EDD384_2_028EDD38
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_028E41884_2_028E4188
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_028EA9E04_2_028EA9E0
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_028E19604_2_028E1960
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_0663A4EC4_2_0663A4EC
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_066389704_2_06638970
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_0663B5F84_2_0663B5F8
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_0663D3F04_2_0663D3F0
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_066465F04_2_066465F0
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_066455A04_2_066455A0
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_0664B2384_2_0664B238
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_066430604_2_06643060
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_0664C1904_2_0664C190
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_06647D804_2_06647D80
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_066476A04_2_066476A0
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_0664E3A84_2_0664E3A8
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_066400404_2_06640040
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_06645CE34_2_06645CE3
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_066400224_2_06640022
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename2ee75d06-d489-4537-90fc-92fe0f559436.exe4 vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1379060097.0000000002994000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename2ee75d06-d489-4537-90fc-92fe0f559436.exe4 vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1377285835.0000000000B0E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1387453858.0000000007710000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000000.1361757469.000000000064E000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamehRHZe.exe> vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1386634612.0000000006E40000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilename2ee75d06-d489-4537-90fc-92fe0f559436.exe4 vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3831565871.00000000007E8000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeBinary or memory string: OriginalFilenamehRHZe.exe> vs KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 4.2.KASHI SHIP PARTICULARS.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 4.2.KASHI SHIP PARTICULARS.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3a0b978.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3a0b978.4.raw.unpack, type: UNPACKEDPEMatched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, NpXw3kw.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, NpXw3kw.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, gyfrCFT5x9I.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, gyfrCFT5x9I.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, gyfrCFT5x9I.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, gyfrCFT5x9I.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, fpnV0Qjz.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, fpnV0Qjz.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, BbNcBixxq3mpma28Io.csSecurity API names: _0020.SetAccessControl
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, BbNcBixxq3mpma28Io.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, BbNcBixxq3mpma28Io.csSecurity API names: _0020.AddAccessRule
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, hGAQDUpwl1a4MqvLbP.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, hGAQDUpwl1a4MqvLbP.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, BbNcBixxq3mpma28Io.csSecurity API names: _0020.SetAccessControl
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, BbNcBixxq3mpma28Io.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, BbNcBixxq3mpma28Io.csSecurity API names: _0020.AddAccessRule
                  Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@6/6@2/2
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\KASHI SHIP PARTICULARS.pdf.scr.exe.logJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7488:120:WilError_03
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_avcouf1o.vvi.ps1Jump to behavior
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeReversingLabs: Detection: 73%
                  Source: unknownProcess created: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess created: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess created: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: vaultcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_DEBUG
                  Source: Binary string: hRHZe.pdb source: KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: Binary string: hRHZe.pdbSHA256= source: KASHI SHIP PARTICULARS.pdf.scr.exe

                  Data Obfuscation

                  barindex
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, Form1.cs.Net Code: InitializeComponent System.AppDomain.Load(byte[])
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, BbNcBixxq3mpma28Io.cs.Net Code: Bok1XuOwRA System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, BbNcBixxq3mpma28Io.cs.Net Code: Bok1XuOwRA System.Reflection.Assembly.Load(byte[])
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeStatic PE information: 0xF7179C4E [Sat May 14 13:14:54 2101 UTC]
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06AF8025 push edx; iretd 0_2_06AF8027
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06AF8A6E push edx; iretd 0_2_06AF8A70
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06AF8A73 push edx; iretd 0_2_06AF8A7F
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06AF8B69 push edx; iretd 0_2_06AF8B78
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06AF8B7B push edx; iretd 0_2_06AF8B87
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06AF78DE push edx; iretd 0_2_06AF78E0
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_06AF8914 push edx; iretd 0_2_06AF8916
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 0_2_089AF8B0 push esp; retf 0_2_089AF8B1
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_028E6ECF push edx; iretd 4_2_028E6ED1
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeCode function: 4_2_028E0C55 push edi; retf 4_2_028E0C7A
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exeStatic PE information: section name: .text entropy: 6.885130348900251
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, TZcPmHhftbxoSfptWY.csHigh entropy of concatenated method names: 'MVVvs69wkG', 'y2MvBFdh0v', 'UjJvwOPpro', 'dlnwdmEG8l', 'LobwzKQRIU', 'rWUvCcJt8w', 'TckvGvmO7X', 'lMcvRbmbL9', 'Cj2vn9UhOw', 'DA8v1NylOm'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, a4aBjnBBmGbG5g9dBA.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'J1bRZtyLK8', 'fxWRdZZcYs', 'SoVRzwgQuS', 'ACWnCng59A', 'DtLnGB7mku', 'CSLnRT94lE', 'THxnnnpstE', 'YUyEMMyQ03wBIxX6gUe'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, YSRBDB0qt6veR0xTyk.csHigh entropy of concatenated method names: 'or89uewVtx', 'SyO9iGFNTm', 'vJMBP0oZsD', 'XHVB3ohVvL', 's7ZBylog3d', 'NBaBenGgev', 'egVBh9DH4O', 'F1UBQ8yVOo', 'uUkB7aw357', 'HOMBIM4YXU'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, zkUhESdE6LB4EbO45V.csHigh entropy of concatenated method names: 'pc9TBrEvXS', 'mokT9f5mjD', 'Dj9TwSriYw', 'lVcTvJoYUy', 'dRKTYnABe2', 'CruTxUKACQ', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, CGDZcUSuyyXjBMkCdt.csHigh entropy of concatenated method names: 'PyVYrpSNeB', 'beyY4FlnE1', 'xkSYYh18EO', 'Q4jYcW9keW', 'MLMYVQyhMF', 'uGBY8qOWPB', 'Dispose', 'nGcfsI5BBS', 'XMPfEiU5Ak', 'wHmfBnE7rC'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, KEATvHG1uvqfWUGl2LT.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JadbYevPif', 'zNAbTex6ke', 'Othbc31gQ9', 'TfIbbfSWRE', 'Qc1bV7Zpn8', 'qcOb2vTtNN', 'ViQb8s4mL7'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, V9nhYttUvtQdJjnDW5.csHigh entropy of concatenated method names: 't12BHLQ6oR', 'wxFB5us7DU', 'kT6BphrD5r', 'wphBtllZ1H', 'oGDBr3OUFt', 'vDIBmGR5Tm', 'gA6B4xfuLA', 'FQbBfI4Q00', 'OKJBY8Ba0Q', 'INxBTjkjO7'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, RQk3CBZoUtoSuFHDFt.csHigh entropy of concatenated method names: 'VBAYFcvcN6', 'XQAY68OcFU', 'c9gYPK3f9E', 'hg7Y3RBfrs', 'kCSYyBwy6B', 'eohYexNV2G', 'EGHYhwgC0w', 'GjdYQUQhnx', 'cmUY79nKcS', 'UqpYIWrRxa'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, StJWb2GGhFIZPTVC1l7.csHigh entropy of concatenated method names: 'spCTdqwgjw', 'JVkTz1cBnI', 'dkqcCJcvZ3', 'u27cGbRaoA', 'vPacRUR0h1', 'ixJcnx26i2', 'S7Ec1JNnrI', 'J8Zcgw7kvJ', 'zKGcsReXiD', 'noDcErnQ5v'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, HLTS1v1kVwwYlPcwxr.csHigh entropy of concatenated method names: 'PmBGvGAQDU', 'il1Gxa4Mqv', 'EUvGjtQdJj', 'cDWGo5dSRB', 'FxTGrykeNT', 'XkcGm7nVKe', 'bPouUl13xJ1OFOMKUi', 'b8IDdZSNR3QoPdZk2X', 'BLtGGsjLse', 'CUbGn0b9GD'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, KNTLkcF7nVKedvD0CM.csHigh entropy of concatenated method names: 'wSGwgfdbKd', 'dhrwEJZBmq', 'XaUw9VbyB5', 'YRAwvkXgrU', 'A6XwxpQ2ht', 'vMo9Ue3BKN', 'EV99JguTVH', 'tqV9SeUJqI', 'OF09LW47Rj', 'V3C9ZrrEci'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, ji4MWTOyJnQsj2m1XO.csHigh entropy of concatenated method names: 'H0hapbhBeg', 'NOWat6ijZE', 'V34aFUD40j', 'cHaa60QhUK', 'SUga3058dC', 'GI1ay9qs0D', 'Wx4ahDGrI6', 'AikaQ1Kyrq', 'B8naIqhvDL', 'q1bakKtBp9'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, ALmScUJ1XOuSbDIS70.csHigh entropy of concatenated method names: 'hht4Liwh2D', 'SsS4dO04v8', 'w3RfCjCJwT', 'DAxfGfhexg', 'QRb4kVqx7p', 'uEk4Nh3Bf5', 'NLm4O1PKnl', 'CYC4qXrvtw', 'Uai4DOOIRv', 'dy24KdRfS8'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, pdvcmTzvO2y2ahg6Ij.csHigh entropy of concatenated method names: 'UrqT54GXdg', 'KHiTphvPpp', 'WiuTtEX8yj', 'aZWTFw0y88', 'IFqT6vRaEG', 'dkwT3dx9jC', 'MiuTyEFS5Z', 'DFhT8gLpvR', 'etvTMBYiJV', 'qJ2TWbLiyO'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, Pv2baTRI6B0ma2WOOw.csHigh entropy of concatenated method names: 'gxKXQfeVu', 'D45HTIbiy', 'x0h5urufo', 'pwji3XZua', 'NpTteal2h', 'swp0Xb2bR', 'sTQXtb4axiGa0Gd6KR', 'Ol4qk7CPZhHUqGBTUV', 'Ky7fBNoa0', 'S9DT2lcx1'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, RD5Vci3CR1iKLbjq5I.csHigh entropy of concatenated method names: 'bikw8NYZI5', 'cUGwM56hPO', 'NvWwXwWAke', 'RlBwHErAWy', 'dJDw5CPtBe', 'OnCwiAxcVT', 'yG1wtIt1TB', 'qkCw0i1QrA', 'sDuTE7dmv8ySwRRjGup', 'bSPpV6d7KonvUbmjroY'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, KId0a4Er1GR9PES71L.csHigh entropy of concatenated method names: 'Dispose', 'JXjGZBMkCd', 'WhtR6YOLeL', 'WD8G9DJgOl', 'EO9GdOZVCo', 'yk8GzQaUCK', 'ProcessDialogKey', 'PsDRCQk3CB', 'nUtRGoSuFH', 'RFtRRXkUhE'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, EMxgYvqNG4o3INXZwD.csHigh entropy of concatenated method names: 'aiCrIFNxlP', 'yWIrNLCbcZ', 'rqDrq8QMCO', 'Tm1rDlka9U', 'UgKr6GypRE', 'sUUrPwb1Ya', 'M38r3R90r6', 'O3sryUxioE', 'uVureNtX3Z', 'KZJrhBM0MR'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, BbNcBixxq3mpma28Io.csHigh entropy of concatenated method names: 'XjEngYG2H1', 'CkMnsvm0Mu', 'tsmnEXCsNg', 'QXvnBTay3J', 'ayDn9TgWiv', 'j1inwH6Cvy', 'tE0nvUg105', 'yJOnxnqn0G', 'sUfnAlqHII', 'PP0nj499hh'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, MA1bZY7ofuvPKdPDyw.csHigh entropy of concatenated method names: 'KMMvMtUSPQ', 'oXyvWwHkyV', 'emQvXArAt4', 'lVrvHprTuT', 'I04vugdflF', 'WhNv54w2L7', 'TSrvi2xAST', 'zM2vpMlJsL', 'pUAvtDHHID', 'pgqv08h6Xn'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, hGAQDUpwl1a4MqvLbP.csHigh entropy of concatenated method names: 'LroEqTmtLH', 'dRHEDskK14', 'wmpEKpASOZ', 'zGjEl00ssg', 'H81EUpXZYb', 'FUfEJgGloA', 'SDLESRSiJI', 'SkxELUqsan', 'SgpEZa7ZSx', 'laAEdDtvtO'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.6e40000.7.raw.unpack, SB17KxGCytBPcbIQmFC.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KRJTkPlTcP', 'UBDTNxXoSJ', 'ufwTOhnTrJ', 'ia3Tqiehtc', 'PjLTDcJV7E', 'lpNTK1mL3e', 'J9pTlbXakQ'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, TZcPmHhftbxoSfptWY.csHigh entropy of concatenated method names: 'MVVvs69wkG', 'y2MvBFdh0v', 'UjJvwOPpro', 'dlnwdmEG8l', 'LobwzKQRIU', 'rWUvCcJt8w', 'TckvGvmO7X', 'lMcvRbmbL9', 'Cj2vn9UhOw', 'DA8v1NylOm'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, a4aBjnBBmGbG5g9dBA.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'J1bRZtyLK8', 'fxWRdZZcYs', 'SoVRzwgQuS', 'ACWnCng59A', 'DtLnGB7mku', 'CSLnRT94lE', 'THxnnnpstE', 'YUyEMMyQ03wBIxX6gUe'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, YSRBDB0qt6veR0xTyk.csHigh entropy of concatenated method names: 'or89uewVtx', 'SyO9iGFNTm', 'vJMBP0oZsD', 'XHVB3ohVvL', 's7ZBylog3d', 'NBaBenGgev', 'egVBh9DH4O', 'F1UBQ8yVOo', 'uUkB7aw357', 'HOMBIM4YXU'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, zkUhESdE6LB4EbO45V.csHigh entropy of concatenated method names: 'pc9TBrEvXS', 'mokT9f5mjD', 'Dj9TwSriYw', 'lVcTvJoYUy', 'dRKTYnABe2', 'CruTxUKACQ', 'Next', 'Next', 'Next', 'NextBytes'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, CGDZcUSuyyXjBMkCdt.csHigh entropy of concatenated method names: 'PyVYrpSNeB', 'beyY4FlnE1', 'xkSYYh18EO', 'Q4jYcW9keW', 'MLMYVQyhMF', 'uGBY8qOWPB', 'Dispose', 'nGcfsI5BBS', 'XMPfEiU5Ak', 'wHmfBnE7rC'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, KEATvHG1uvqfWUGl2LT.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'JadbYevPif', 'zNAbTex6ke', 'Othbc31gQ9', 'TfIbbfSWRE', 'Qc1bV7Zpn8', 'qcOb2vTtNN', 'ViQb8s4mL7'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, V9nhYttUvtQdJjnDW5.csHigh entropy of concatenated method names: 't12BHLQ6oR', 'wxFB5us7DU', 'kT6BphrD5r', 'wphBtllZ1H', 'oGDBr3OUFt', 'vDIBmGR5Tm', 'gA6B4xfuLA', 'FQbBfI4Q00', 'OKJBY8Ba0Q', 'INxBTjkjO7'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, RQk3CBZoUtoSuFHDFt.csHigh entropy of concatenated method names: 'VBAYFcvcN6', 'XQAY68OcFU', 'c9gYPK3f9E', 'hg7Y3RBfrs', 'kCSYyBwy6B', 'eohYexNV2G', 'EGHYhwgC0w', 'GjdYQUQhnx', 'cmUY79nKcS', 'UqpYIWrRxa'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, StJWb2GGhFIZPTVC1l7.csHigh entropy of concatenated method names: 'spCTdqwgjw', 'JVkTz1cBnI', 'dkqcCJcvZ3', 'u27cGbRaoA', 'vPacRUR0h1', 'ixJcnx26i2', 'S7Ec1JNnrI', 'J8Zcgw7kvJ', 'zKGcsReXiD', 'noDcErnQ5v'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, HLTS1v1kVwwYlPcwxr.csHigh entropy of concatenated method names: 'PmBGvGAQDU', 'il1Gxa4Mqv', 'EUvGjtQdJj', 'cDWGo5dSRB', 'FxTGrykeNT', 'XkcGm7nVKe', 'bPouUl13xJ1OFOMKUi', 'b8IDdZSNR3QoPdZk2X', 'BLtGGsjLse', 'CUbGn0b9GD'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, KNTLkcF7nVKedvD0CM.csHigh entropy of concatenated method names: 'wSGwgfdbKd', 'dhrwEJZBmq', 'XaUw9VbyB5', 'YRAwvkXgrU', 'A6XwxpQ2ht', 'vMo9Ue3BKN', 'EV99JguTVH', 'tqV9SeUJqI', 'OF09LW47Rj', 'V3C9ZrrEci'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, ji4MWTOyJnQsj2m1XO.csHigh entropy of concatenated method names: 'H0hapbhBeg', 'NOWat6ijZE', 'V34aFUD40j', 'cHaa60QhUK', 'SUga3058dC', 'GI1ay9qs0D', 'Wx4ahDGrI6', 'AikaQ1Kyrq', 'B8naIqhvDL', 'q1bakKtBp9'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, ALmScUJ1XOuSbDIS70.csHigh entropy of concatenated method names: 'hht4Liwh2D', 'SsS4dO04v8', 'w3RfCjCJwT', 'DAxfGfhexg', 'QRb4kVqx7p', 'uEk4Nh3Bf5', 'NLm4O1PKnl', 'CYC4qXrvtw', 'Uai4DOOIRv', 'dy24KdRfS8'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, pdvcmTzvO2y2ahg6Ij.csHigh entropy of concatenated method names: 'UrqT54GXdg', 'KHiTphvPpp', 'WiuTtEX8yj', 'aZWTFw0y88', 'IFqT6vRaEG', 'dkwT3dx9jC', 'MiuTyEFS5Z', 'DFhT8gLpvR', 'etvTMBYiJV', 'qJ2TWbLiyO'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, Pv2baTRI6B0ma2WOOw.csHigh entropy of concatenated method names: 'gxKXQfeVu', 'D45HTIbiy', 'x0h5urufo', 'pwji3XZua', 'NpTteal2h', 'swp0Xb2bR', 'sTQXtb4axiGa0Gd6KR', 'Ol4qk7CPZhHUqGBTUV', 'Ky7fBNoa0', 'S9DT2lcx1'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, RD5Vci3CR1iKLbjq5I.csHigh entropy of concatenated method names: 'bikw8NYZI5', 'cUGwM56hPO', 'NvWwXwWAke', 'RlBwHErAWy', 'dJDw5CPtBe', 'OnCwiAxcVT', 'yG1wtIt1TB', 'qkCw0i1QrA', 'sDuTE7dmv8ySwRRjGup', 'bSPpV6d7KonvUbmjroY'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, KId0a4Er1GR9PES71L.csHigh entropy of concatenated method names: 'Dispose', 'JXjGZBMkCd', 'WhtR6YOLeL', 'WD8G9DJgOl', 'EO9GdOZVCo', 'yk8GzQaUCK', 'ProcessDialogKey', 'PsDRCQk3CB', 'nUtRGoSuFH', 'RFtRRXkUhE'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, EMxgYvqNG4o3INXZwD.csHigh entropy of concatenated method names: 'aiCrIFNxlP', 'yWIrNLCbcZ', 'rqDrq8QMCO', 'Tm1rDlka9U', 'UgKr6GypRE', 'sUUrPwb1Ya', 'M38r3R90r6', 'O3sryUxioE', 'uVureNtX3Z', 'KZJrhBM0MR'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, BbNcBixxq3mpma28Io.csHigh entropy of concatenated method names: 'XjEngYG2H1', 'CkMnsvm0Mu', 'tsmnEXCsNg', 'QXvnBTay3J', 'ayDn9TgWiv', 'j1inwH6Cvy', 'tE0nvUg105', 'yJOnxnqn0G', 'sUfnAlqHII', 'PP0nj499hh'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, MA1bZY7ofuvPKdPDyw.csHigh entropy of concatenated method names: 'KMMvMtUSPQ', 'oXyvWwHkyV', 'emQvXArAt4', 'lVrvHprTuT', 'I04vugdflF', 'WhNv54w2L7', 'TSrvi2xAST', 'zM2vpMlJsL', 'pUAvtDHHID', 'pgqv08h6Xn'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, hGAQDUpwl1a4MqvLbP.csHigh entropy of concatenated method names: 'LroEqTmtLH', 'dRHEDskK14', 'wmpEKpASOZ', 'zGjEl00ssg', 'H81EUpXZYb', 'FUfEJgGloA', 'SDLESRSiJI', 'SkxELUqsan', 'SgpEZa7ZSx', 'laAEdDtvtO'
                  Source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, SB17KxGCytBPcbIQmFC.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'KRJTkPlTcP', 'UBDTNxXoSJ', 'ufwTOhnTrJ', 'ia3Tqiehtc', 'PjLTDcJV7E', 'lpNTK1mL3e', 'J9pTlbXakQ'

                  Hooking and other Techniques for Hiding and Protection

                  barindex
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                  Source: Possible double extension: pdf.scrStatic PE information: KASHI SHIP PARTICULARS.pdf.scr.exe
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  barindex
                  Source: Yara matchFile source: Process Memory Space: KASHI SHIP PARTICULARS.pdf.scr.exe PID: 7296, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: 2770000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: 2930000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: 4930000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: 8AC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: 9AC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: 9CC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: ACC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: 2870000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: 2930000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: 4930000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599875Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599765Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599656Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599547Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599438Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599328Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599219Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599094Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598984Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598875Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598766Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598657Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598532Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598407Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598282Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598172Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598063Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597938Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597813Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597688Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597563Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597453Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597344Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597219Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597110Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596985Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596860Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596735Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596610Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596485Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596360Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596235Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596110Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595985Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595860Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595735Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595610Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595485Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595360Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595235Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595110Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594985Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594860Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594735Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594610Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594485Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594360Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594235Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594110Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5775Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3947Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeWindow / User API: threadDelayed 8289Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeWindow / User API: threadDelayed 1534Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7316Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7700Thread sleep time: -5534023222112862s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -25825441703193356s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -599875s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7816Thread sleep count: 8289 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7816Thread sleep count: 1534 > 30Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -599765s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -599656s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -599547s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -599438s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -599328s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -599219s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -599094s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -598984s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -598875s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -598766s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -598657s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -598532s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -598407s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -598282s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -598172s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -598063s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -597938s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -597813s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -597688s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -597563s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -597453s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -597344s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -597219s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -597110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -596985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -596860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -596735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -596610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -596485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -596360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -596235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -596110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -595985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -595860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -595735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -595610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -595485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -595360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -595235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -595110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -594985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -594860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -594735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -594610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -594485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -594360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -594235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe TID: 7812Thread sleep time: -594110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599875Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599765Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599656Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599547Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599438Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599328Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599219Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 599094Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598984Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598875Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598766Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598657Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598532Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598407Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598282Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598172Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 598063Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597938Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597813Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597688Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597563Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597453Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597344Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597219Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 597110Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596985Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596860Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596735Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596610Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596485Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596360Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596235Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 596110Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595985Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595860Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595735Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595610Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595485Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595360Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595235Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 595110Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594985Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594860Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594735Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594610Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594485Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594360Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594235Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeThread delayed: delay time: 594110Jump to behavior
                  Source: KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3831695075.0000000000C7B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeMemory written: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeProcess created: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.KASHI SHIP PARTICULARS.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3a0b978.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.3832717788.00000000029AC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.3832717788.0000000002981000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: KASHI SHIP PARTICULARS.pdf.scr.exe PID: 7296, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: KASHI SHIP PARTICULARS.pdf.scr.exe PID: 7480, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile opened: C:\FTP Navigator\Ftplist.txtJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                  Source: C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.KASHI SHIP PARTICULARS.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3a0b978.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.3832717788.0000000002981000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: KASHI SHIP PARTICULARS.pdf.scr.exe PID: 7296, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: KASHI SHIP PARTICULARS.pdf.scr.exe PID: 7480, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.39c5758.6.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 4.2.KASHI SHIP PARTICULARS.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.398b138.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3aac5c0.5.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.KASHI SHIP PARTICULARS.pdf.scr.exe.3a0b978.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.3832717788.00000000029AC000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000004.00000002.3832717788.0000000002981000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: KASHI SHIP PARTICULARS.pdf.scr.exe PID: 7296, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: KASHI SHIP PARTICULARS.pdf.scr.exe PID: 7480, type: MEMORYSTR
                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                  Windows Management Instrumentation
                  1
                  DLL Side-Loading
                  1
                  DLL Side-Loading
                  11
                  Disable or Modify Tools
                  2
                  OS Credential Dumping
                  1
                  File and Directory Discovery
                  Remote Services11
                  Archive Collected Data
                  1
                  Ingress Tool Transfer
                  Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts111
                  Process Injection
                  1
                  Deobfuscate/Decode Files or Information
                  1
                  Input Capture
                  24
                  System Information Discovery
                  Remote Desktop Protocol2
                  Data from Local System
                  11
                  Encrypted Channel
                  Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)12
                  Obfuscated Files or Information
                  1
                  Credentials in Registry
                  111
                  Security Software Discovery
                  SMB/Windows Admin Shares1
                  Email Collection
                  2
                  Non-Application Layer Protocol
                  Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
                  Software Packing
                  NTDS1
                  Process Discovery
                  Distributed Component Object Model1
                  Input Capture
                  13
                  Application Layer Protocol
                  Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                  Timestomp
                  LSA Secrets141
                  Virtualization/Sandbox Evasion
                  SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                  DLL Side-Loading
                  Cached Domain Credentials1
                  Application Window Discovery
                  VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items11
                  Masquerading
                  DCSync1
                  System Network Configuration Discovery
                  Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job141
                  Virtualization/Sandbox Evasion
                  Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt111
                  Process Injection
                  /etc/passwd and /etc/shadowNetwork SniffingDirect Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand
                  SourceDetectionScannerLabelLink
                  KASHI SHIP PARTICULARS.pdf.scr.exe74%ReversingLabsByteCode-MSIL.Trojan.SpyNoon
                  KASHI SHIP PARTICULARS.pdf.scr.exe100%AviraHEUR/AGEN.1306657
                  KASHI SHIP PARTICULARS.pdf.scr.exe100%Joe Sandbox ML
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
                  NameIPActiveMaliciousAntivirus DetectionReputation
                  beirutrest.com
                  50.87.144.157
                  truefalse
                    high
                    api.ipify.org
                    172.67.74.152
                    truefalse
                      high
                      NameMaliciousAntivirus DetectionReputation
                      https://api.ipify.org/false
                        high
                        NameSourceMaliciousAntivirus DetectionReputation
                        https://api.ipify.orgKASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3832717788.0000000002931000.00000004.00000800.00020000.00000000.sdmpfalse
                          high
                          https://account.dyn.com/KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                            high
                            https://api.ipify.org/tKASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3832717788.0000000002931000.00000004.00000800.00020000.00000000.sdmpfalse
                              high
                              http://schemas.xmlsoap.org/ws/2005/05/identity/claims/nameKASHI SHIP PARTICULARS.pdf.scr.exe, 00000000.00000002.1379060097.0000000002931000.00000004.00000800.00020000.00000000.sdmp, KASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3832717788.0000000002931000.00000004.00000800.00020000.00000000.sdmpfalse
                                high
                                http://beirutrest.comKASHI SHIP PARTICULARS.pdf.scr.exe, 00000004.00000002.3832717788.00000000029AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                  high
                                  • No. of IPs < 25%
                                  • 25% < No. of IPs < 50%
                                  • 50% < No. of IPs < 75%
                                  • 75% < No. of IPs
                                  IPDomainCountryFlagASNASN NameMalicious
                                  50.87.144.157
                                  beirutrest.comUnited States
                                  46606UNIFIEDLAYER-AS-1USfalse
                                  172.67.74.152
                                  api.ipify.orgUnited States
                                  13335CLOUDFLARENETUSfalse
                                  Joe Sandbox version:41.0.0 Charoite
                                  Analysis ID:1576081
                                  Start date and time:2024-12-16 14:18:08 +01:00
                                  Joe Sandbox product:CloudBasic
                                  Overall analysis duration:0h 8m 41s
                                  Hypervisor based Inspection enabled:false
                                  Report type:full
                                  Cookbook file name:default.jbs
                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                  Number of analysed new started processes analysed:10
                                  Number of new started drivers analysed:0
                                  Number of existing processes analysed:0
                                  Number of existing drivers analysed:0
                                  Number of injected processes analysed:0
                                  Technologies:
                                  • HCA enabled
                                  • EGA enabled
                                  • AMSI enabled
                                  Analysis Mode:default
                                  Analysis stop reason:Timeout
                                  Sample name:KASHI SHIP PARTICULARS.pdf.scr.exe
                                  Detection:MAL
                                  Classification:mal100.troj.spyw.evad.winEXE@6/6@2/2
                                  EGA Information:
                                  • Successful, ratio: 100%
                                  HCA Information:
                                  • Successful, ratio: 98%
                                  • Number of executed functions: 296
                                  • Number of non-executed functions: 9
                                  Cookbook Comments:
                                  • Found application associated with file extension: .exe
                                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                  • Excluded IPs from analysis (whitelisted): 13.107.246.63, 23.218.208.109, 4.175.87.197
                                  • Excluded domains from analysis (whitelisted): fs.microsoft.com, slscr.update.microsoft.com, otelrules.azureedge.net, fe3cr.delivery.mp.microsoft.com
                                  • Not all processes where analyzed, report is missing behavior information
                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                  • Report size getting too big, too many NtCreateKey calls found.
                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                  • VT rate limit hit for: KASHI SHIP PARTICULARS.pdf.scr.exe
                                  TimeTypeDescription
                                  08:19:01API Interceptor10335542x Sleep call for process: KASHI SHIP PARTICULARS.pdf.scr.exe modified
                                  08:19:03API Interceptor10x Sleep call for process: powershell.exe modified
                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                  50.87.144.1570wxckB4Iba.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                    pR65xo6sud.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                      ship's particulars-TBN.pdf.scr.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                        Packing List - SAPPHIRE X.xlsx.scr.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                          WOOYANG VENUS PARTICULARS.pdf.scr.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                            CHARIKLIA JUNIOR DETAILS (1) (1).pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                              MV BBG MUARA Ship's Particulars.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                CHARIKLIA JUNIOR DETAILS.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                  PEACE SHIP PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                    ZHENGHE 3_Q88 20241118.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                      172.67.74.152jgbC220X2U.exeGet hashmaliciousUnknownBrowse
                                                      • api.ipify.org/?format=text
                                                      malware.exeGet hashmaliciousTargeted Ransomware, TrojanRansomBrowse
                                                      • api.ipify.org/
                                                      Simple1.exeGet hashmaliciousUnknownBrowse
                                                      • api.ipify.org/
                                                      Simple2.exeGet hashmaliciousUnknownBrowse
                                                      • api.ipify.org/
                                                      systemConfigChecker.exeGet hashmaliciousUnknownBrowse
                                                      • api.ipify.org/
                                                      systemConfigChecker.exeGet hashmaliciousUnknownBrowse
                                                      • api.ipify.org/
                                                      2b7cu0KwZl.exeGet hashmaliciousUnknownBrowse
                                                      • api.ipify.org/
                                                      Zc9eO57fgF.elfGet hashmaliciousUnknownBrowse
                                                      • api.ipify.org/
                                                      67065b4c84713_Javiles.exeGet hashmaliciousRDPWrap ToolBrowse
                                                      • api.ipify.org/
                                                      Yc9hcFC1ux.exeGet hashmaliciousUnknownBrowse
                                                      • api.ipify.org/
                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      beirutrest.com0wxckB4Iba.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                      • 50.87.144.157
                                                      pR65xo6sud.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                      • 50.87.144.157
                                                      ship's particulars-TBN.pdf.scr.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                      • 50.87.144.157
                                                      Packing List - SAPPHIRE X.xlsx.scr.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                      • 50.87.144.157
                                                      WOOYANG VENUS PARTICULARS.pdf.scr.exeGet hashmaliciousAgentTesla, PureLog Stealer, zgRATBrowse
                                                      • 50.87.144.157
                                                      CHARIKLIA JUNIOR DETAILS (1) (1).pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                      • 50.87.144.157
                                                      MV BBG MUARA Ship's Particulars.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                      • 50.87.144.157
                                                      CHARIKLIA JUNIOR DETAILS.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                      • 50.87.144.157
                                                      PEACE SHIP PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                      • 50.87.144.157
                                                      ZHENGHE 3_Q88 20241118.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                      • 50.87.144.157
                                                      api.ipify.orgPO.bat.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 104.26.13.205
                                                      rDOC24INV0616.exeGet hashmaliciousAgentTeslaBrowse
                                                      • 172.67.74.152
                                                      https://cavotec-au.sharefile.com/public/share/web-1271a93971714a91Get hashmaliciousHTMLPhisherBrowse
                                                      • 172.67.74.152
                                                      PqCznDthHP.exeGet hashmaliciousEdge StealerBrowse
                                                      • 104.26.13.205
                                                      https://www.canva.com/design/DAGZLdpMEGI/O58JBUDFuRvFcdZ0tgIwgA/edit?utm_content=DAGZLdpMEGI&utm_campaign=designshare&utm_medium=link2&utm_source=sharebuttonGet hashmaliciousHTMLPhisherBrowse
                                                      • 104.26.12.205
                                                      https://go.eu.sparkpostmail1.com/f/a/IgPiUnQgGsgttR90IQc-hw~~/AAGCxAA~/RgRpOpvrP0QqaHR0cHM6Ly9tYXNzd29vZHBvbGlzaC5pbi93YXRlci9jb2xkL2luZGV4VwVzcGNldUIKZ1XrFlhnca8zKlISemFyZ2FyQGZhcmlkZWEuY29tWAQAAAAB#YmlsbC5ob2l0dEBwYXJ0bmVyc21ndS5jb20=Get hashmaliciousHTMLPhisherBrowse
                                                      • 172.67.74.152
                                                      duschno.exeGet hashmaliciousCredGrabber, Meduza StealerBrowse
                                                      • 172.67.74.152
                                                      chos.exeGet hashmaliciousUnknownBrowse
                                                      • 104.26.12.205
                                                      http://ap2vxmyqxf.ballyentoe.shopGet hashmaliciousEvilProxy, HTMLPhisherBrowse
                                                      • 104.26.12.205
                                                      installer.exeGet hashmaliciousUnknownBrowse
                                                      • 104.26.12.205
                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      UNIFIEDLAYER-AS-1USPO.bat.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 192.185.13.234
                                                      https://www.sendspace.com/pro/dl/m2hhc1Get hashmaliciousUnknownBrowse
                                                      • 162.241.149.91
                                                      https://www.sendspace.com/pro/dl/m2hhc1Get hashmaliciousUnknownBrowse
                                                      • 162.241.149.91
                                                      rDOC24INV0616.exeGet hashmaliciousAgentTeslaBrowse
                                                      • 192.254.186.165
                                                      x86.elfGet hashmaliciousMiraiBrowse
                                                      • 192.163.243.124
                                                      https://cavotec-au.sharefile.com/public/share/web-1271a93971714a91Get hashmaliciousHTMLPhisherBrowse
                                                      • 192.185.150.180
                                                      1.elfGet hashmaliciousUnknownBrowse
                                                      • 74.91.233.206
                                                      m68k.elfGet hashmaliciousUnknownBrowse
                                                      • 142.6.100.244
                                                      powerpc.elfGet hashmaliciousUnknownBrowse
                                                      • 162.145.74.216
                                                      IGz.sh4.elfGet hashmaliciousMiraiBrowse
                                                      • 98.130.22.72
                                                      CLOUDFLARENETUSREQUEST FOR QUOTATION 1307-RFQ.exeGet hashmaliciousMassLogger RATBrowse
                                                      • 172.67.177.134
                                                      PO-1124-0018- TTR-ASP1 .. 20 adet 0191621.exeGet hashmaliciousVIP KeyloggerBrowse
                                                      • 172.67.177.134
                                                      https://eu.onamoc.comano.us/XaFJNdmNsY0JUVzZrd09aZnpEZk9LNXJHSFV1RTlrbFdPMXQ5dzRKTHV4dEdpUEhTM1I1MCszdjdWWm54V01kSEhOSlpOSFpjMUlsaFNTc0l3eXhVeWl3TGVjWm14bGMxUFkzWWFkVUQvbUlNMGEza0pnOFFCK3N4TDBlc3RyYWJkSE9xVU9ETG5TU1lHQkZwdStVdXhGMzdoQzltdFAwRnc0WTJuMmF3Q1VkTzdMb0lwNXhqOFQ3eGRtK0ZuQUpydjMxSWdnPT0tLUFPWFdqaFhtRnVKaEhNK20tLUlJNFZwQjNETFQyTk1iL0UxMUxBTGc9PQ==?cid=300477933Get hashmaliciousKnowBe4Browse
                                                      • 104.17.249.203
                                                      ref_97024130865.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                      • 104.21.67.152
                                                      CITAS_pif.exeGet hashmaliciousMassLogger RATBrowse
                                                      • 104.21.67.152
                                                      nB52P46OJD.exeGet hashmaliciousVidarBrowse
                                                      • 172.64.41.3
                                                      54FApnc7eR.exeGet hashmaliciousLummaCBrowse
                                                      • 172.67.177.250
                                                      TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                      • 104.21.67.152
                                                      PO.bat.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 104.26.13.205
                                                      https://www.sendspace.com/pro/dl/m2hhc1Get hashmaliciousUnknownBrowse
                                                      • 104.17.25.14
                                                      MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                      3b5074b1b5d032e5620f69f9f700ff0eREQUEST FOR QUOTATION 1307-RFQ.exeGet hashmaliciousMassLogger RATBrowse
                                                      • 172.67.74.152
                                                      #U00d6deme tavsiyesi.pdf.exeGet hashmaliciousUnknownBrowse
                                                      • 172.67.74.152
                                                      PO-1124-0018- TTR-ASP1 .. 20 adet 0191621.exeGet hashmaliciousVIP KeyloggerBrowse
                                                      • 172.67.74.152
                                                      CITAS_pif.exeGet hashmaliciousMassLogger RATBrowse
                                                      • 172.67.74.152
                                                      ZppxPm0ASs.exeGet hashmaliciousXmrigBrowse
                                                      • 172.67.74.152
                                                      TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                      • 172.67.74.152
                                                      PO.bat.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                      • 172.67.74.152
                                                      rQuotation.exeGet hashmaliciousLokibot, PureLog StealerBrowse
                                                      • 172.67.74.152
                                                      invoice.htmlGet hashmaliciousUnknownBrowse
                                                      • 172.67.74.152
                                                      rDOC24INV0616.exeGet hashmaliciousAgentTeslaBrowse
                                                      • 172.67.74.152
                                                      No context
                                                      Process:C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe
                                                      File Type:ASCII text, with CRLF line terminators
                                                      Category:dropped
                                                      Size (bytes):1216
                                                      Entropy (8bit):5.34331486778365
                                                      Encrypted:false
                                                      SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                      MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                      SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                      SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                      SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                      Malicious:true
                                                      Reputation:high, very likely benign file
                                                      Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:data
                                                      Category:dropped
                                                      Size (bytes):1172
                                                      Entropy (8bit):5.354777075714867
                                                      Encrypted:false
                                                      SSDEEP:24:3gWSKco4KmBs4RPT6BmFoUebIKomjKcmZ9t7J0gt/NKIl9r6dj:QWSU4y4RQmFoUeWmfmZ9tK8NDE
                                                      MD5:92C17FC0DE8449D1E50ED56DBEBAA35D
                                                      SHA1:A617D392757DC7B1BEF28448B72CBD131CF4D0FB
                                                      SHA-256:DA2D2B57AFF1C99E62DD8102CF4DB3F2F0621D687D275BFAF3DB77772131E485
                                                      SHA-512:603922B790E772A480C9BF4CFD621827085B0070131EF29DC283F0E901CF783034384F8815C092D79A6EA5DF382EF78AF5AC3D81EBD118D2D5C1E623CE5553D1
                                                      Malicious:false
                                                      Reputation:moderate, very likely benign file
                                                      Preview:@...e.................................,..............@..........P................1]...E...........(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.AutomationL.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices4.................%...K... ...........System.Xml..8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.<...............i..VdqF...|...........System.ConfigurationH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Reputation:high, very likely benign file
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                      Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      File Type:ASCII text, with no line terminators
                                                      Category:dropped
                                                      Size (bytes):60
                                                      Entropy (8bit):4.038920595031593
                                                      Encrypted:false
                                                      SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                      MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                      SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                      SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                      SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                      Malicious:false
                                                      Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                      File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                      Entropy (8bit):6.8793430265041
                                                      TrID:
                                                      • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                      • Win32 Executable (generic) a (10002005/4) 49.75%
                                                      • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                      • Windows Screen Saver (13104/52) 0.07%
                                                      • Generic Win/DOS Executable (2004/3) 0.01%
                                                      File name:KASHI SHIP PARTICULARS.pdf.scr.exe
                                                      File size:963'584 bytes
                                                      MD5:42555dbdcc01fddb6e68265cc5704b5b
                                                      SHA1:543e5153ad0bc094841e40330567ac8e9abb2d48
                                                      SHA256:2b1c8e28590c81630fe3c284857734161139c1998cdd28e899cd1049bf5fff0d
                                                      SHA512:027029b37e79edf8f5156e6d651c5aca4608a6ccad14eac33c32a0c92b4814f43c59ae1f46fba454d21af6d5de9fcbd8f6a6b99bd4db2c7d19915adf9416107f
                                                      SSDEEP:12288:I2dhHhAIqUmkY/Tz9P+okSieKdNBJrC2lZNYheNhlK:5dhBArUmxrBP+BSGdC2lQeFK
                                                      TLSH:D525B43C09BE12EB81A5C79DCBE89827F614A86F7150ADA494C647A53357F4B34C323E
                                                      File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...N.................0.............F.... ........@.. ....................... ............@................................
                                                      Icon Hash:00928e8e8686b000
                                                      Entrypoint:0x4ec946
                                                      Entrypoint Section:.text
                                                      Digitally signed:false
                                                      Imagebase:0x400000
                                                      Subsystem:windows gui
                                                      Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                      DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                      Time Stamp:0xF7179C4E [Sat May 14 13:14:54 2101 UTC]
                                                      TLS Callbacks:
                                                      CLR (.Net) Version:
                                                      OS Version Major:4
                                                      OS Version Minor:0
                                                      File Version Major:4
                                                      File Version Minor:0
                                                      Subsystem Version Major:4
                                                      Subsystem Version Minor:0
                                                      Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                      Instruction
                                                      jmp dword ptr [00402000h]
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      add byte ptr [eax], al
                                                      NameVirtual AddressVirtual Size Is in Section
                                                      IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IMPORT0xec8f10x4f.text
                                                      IMAGE_DIRECTORY_ENTRY_RESOURCE0xee0000x5c4.rsrc
                                                      IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BASERELOC0xf00000xc.reloc
                                                      IMAGE_DIRECTORY_ENTRY_DEBUG0xeb0a40x70.text
                                                      IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                      IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                      IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                      IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0
                                                      NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                      .text0x20000xea94c0xeaa00f8baad1f3bac836de946276ec863bb56False0.6818071140783165data6.885130348900251IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                      .rsrc0xee0000x5c40x600fa584dac76e7476effd9926a1dc8c7a0False0.431640625data4.125749235379775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                      .reloc0xf00000xc0x200e3254fb9fb65db1eeb0a6d68ff3affdeFalse0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
                                                      NameRVASizeTypeLanguageCountryZLIB Complexity
                                                      RT_VERSION0xee0900x334data0.43902439024390244
                                                      RT_MANIFEST0xee3d40x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347
                                                      DLLImport
                                                      mscoree.dll_CorExeMain
                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Dec 16, 2024 14:19:04.242917061 CET49723443192.168.2.9172.67.74.152
                                                      Dec 16, 2024 14:19:04.242964983 CET44349723172.67.74.152192.168.2.9
                                                      Dec 16, 2024 14:19:04.243024111 CET49723443192.168.2.9172.67.74.152
                                                      Dec 16, 2024 14:19:04.250185013 CET49723443192.168.2.9172.67.74.152
                                                      Dec 16, 2024 14:19:04.250197887 CET44349723172.67.74.152192.168.2.9
                                                      Dec 16, 2024 14:19:05.547521114 CET44349723172.67.74.152192.168.2.9
                                                      Dec 16, 2024 14:19:05.547679901 CET49723443192.168.2.9172.67.74.152
                                                      Dec 16, 2024 14:19:05.550899982 CET49723443192.168.2.9172.67.74.152
                                                      Dec 16, 2024 14:19:05.550920963 CET44349723172.67.74.152192.168.2.9
                                                      Dec 16, 2024 14:19:05.551285028 CET44349723172.67.74.152192.168.2.9
                                                      Dec 16, 2024 14:19:05.597408056 CET49723443192.168.2.9172.67.74.152
                                                      Dec 16, 2024 14:19:05.939515114 CET49723443192.168.2.9172.67.74.152
                                                      Dec 16, 2024 14:19:05.983330011 CET44349723172.67.74.152192.168.2.9
                                                      Dec 16, 2024 14:19:06.286401987 CET44349723172.67.74.152192.168.2.9
                                                      Dec 16, 2024 14:19:06.286483049 CET44349723172.67.74.152192.168.2.9
                                                      Dec 16, 2024 14:19:06.286536932 CET49723443192.168.2.9172.67.74.152
                                                      Dec 16, 2024 14:19:06.296324015 CET49723443192.168.2.9172.67.74.152
                                                      Dec 16, 2024 14:19:07.687886000 CET4973121192.168.2.950.87.144.157
                                                      Dec 16, 2024 14:19:07.808855057 CET214973150.87.144.157192.168.2.9
                                                      Dec 16, 2024 14:19:07.808964968 CET4973121192.168.2.950.87.144.157
                                                      Dec 16, 2024 14:19:07.813287020 CET4973121192.168.2.950.87.144.157
                                                      Dec 16, 2024 14:19:07.933439970 CET214973150.87.144.157192.168.2.9
                                                      Dec 16, 2024 14:19:07.933507919 CET4973121192.168.2.950.87.144.157
                                                      TimestampSource PortDest PortSource IPDest IP
                                                      Dec 16, 2024 14:19:04.073987961 CET5660453192.168.2.91.1.1.1
                                                      Dec 16, 2024 14:19:04.211040020 CET53566041.1.1.1192.168.2.9
                                                      Dec 16, 2024 14:19:07.031974077 CET5564553192.168.2.91.1.1.1
                                                      Dec 16, 2024 14:19:07.687140942 CET53556451.1.1.1192.168.2.9
                                                      TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                      Dec 16, 2024 14:19:04.073987961 CET192.168.2.91.1.1.10x23c5Standard query (0)api.ipify.orgA (IP address)IN (0x0001)false
                                                      Dec 16, 2024 14:19:07.031974077 CET192.168.2.91.1.1.10x9c4Standard query (0)beirutrest.comA (IP address)IN (0x0001)false
                                                      TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                      Dec 16, 2024 14:19:04.211040020 CET1.1.1.1192.168.2.90x23c5No error (0)api.ipify.org172.67.74.152A (IP address)IN (0x0001)false
                                                      Dec 16, 2024 14:19:04.211040020 CET1.1.1.1192.168.2.90x23c5No error (0)api.ipify.org104.26.12.205A (IP address)IN (0x0001)false
                                                      Dec 16, 2024 14:19:04.211040020 CET1.1.1.1192.168.2.90x23c5No error (0)api.ipify.org104.26.13.205A (IP address)IN (0x0001)false
                                                      Dec 16, 2024 14:19:07.687140942 CET1.1.1.1192.168.2.90x9c4No error (0)beirutrest.com50.87.144.157A (IP address)IN (0x0001)false
                                                      • api.ipify.org
                                                      Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                      0192.168.2.949723172.67.74.1524437480C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe
                                                      TimestampBytes transferredDirectionData
                                                      2024-12-16 13:19:05 UTC155OUTGET / HTTP/1.1
                                                      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                      Host: api.ipify.org
                                                      Connection: Keep-Alive
                                                      2024-12-16 13:19:06 UTC427INHTTP/1.1 200 OK
                                                      Date: Mon, 16 Dec 2024 13:19:06 GMT
                                                      Content-Type: text/plain
                                                      Content-Length: 12
                                                      Connection: close
                                                      Vary: Origin
                                                      CF-Cache-Status: DYNAMIC
                                                      Server: cloudflare
                                                      CF-RAY: 8f2ef68f388e8c42-EWR
                                                      server-timing: cfL4;desc="?proto=TCP&rtt=29954&min_rtt=2260&rtt_var=17414&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=769&delivery_rate=1292035&cwnd=252&unsent_bytes=0&cid=5dd9ce65f882f14f&ts=756&x=0"
                                                      2024-12-16 13:19:06 UTC12INData Raw: 38 2e 34 36 2e 31 32 33 2e 31 38 39
                                                      Data Ascii: 8.46.123.189


                                                      Click to jump to process

                                                      Click to jump to process

                                                      Click to dive into process behavior distribution

                                                      Click to jump to process

                                                      Target ID:0
                                                      Start time:08:19:01
                                                      Start date:16/12/2024
                                                      Path:C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"
                                                      Imagebase:0x560000
                                                      File size:963'584 bytes
                                                      MD5 hash:42555DBDCC01FDDB6E68265CC5704B5B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1382442356.0000000003A0B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1382442356.0000000003939000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:true

                                                      Target ID:3
                                                      Start time:08:19:02
                                                      Start date:16/12/2024
                                                      Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"
                                                      Imagebase:0x3a0000
                                                      File size:433'152 bytes
                                                      MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Target ID:4
                                                      Start time:08:19:02
                                                      Start date:16/12/2024
                                                      Path:C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe
                                                      Wow64 process (32bit):true
                                                      Commandline:"C:\Users\user\Desktop\KASHI SHIP PARTICULARS.pdf.scr.exe"
                                                      Imagebase:0x560000
                                                      File size:963'584 bytes
                                                      MD5 hash:42555DBDCC01FDDB6E68265CC5704B5B
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Yara matches:
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3831410249.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3832717788.00000000029AC000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.3832717788.0000000002981000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.3832717788.0000000002981000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                      Reputation:low
                                                      Has exited:false

                                                      Target ID:5
                                                      Start time:08:19:02
                                                      Start date:16/12/2024
                                                      Path:C:\Windows\System32\conhost.exe
                                                      Wow64 process (32bit):false
                                                      Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                      Imagebase:0x7ff70f010000
                                                      File size:862'208 bytes
                                                      MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                      Has elevated privileges:true
                                                      Has administrator privileges:true
                                                      Programmed in:C, C++ or other language
                                                      Reputation:high
                                                      Has exited:true

                                                      Reset < >

                                                        Execution Graph

                                                        Execution Coverage:10.5%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:194
                                                        Total number of Limit Nodes:18
                                                        execution_graph 39665 28e4668 39666 28e467a 39665->39666 39667 28e4686 39666->39667 39669 28e4778 39666->39669 39670 28e479d 39669->39670 39674 28e4888 39670->39674 39678 28e4878 39670->39678 39676 28e48af 39674->39676 39675 28e498c 39675->39675 39676->39675 39682 28e44e0 39676->39682 39680 28e4882 39678->39680 39679 28e498c 39679->39679 39680->39679 39681 28e44e0 CreateActCtxA 39680->39681 39681->39679 39683 28e5918 CreateActCtxA 39682->39683 39685 28e59db 39683->39685 39686 28ed4f8 39687 28ed53e 39686->39687 39691 28ed6c8 39687->39691 39695 28ed6d8 39687->39695 39688 28ed62b 39692 28ed6d8 39691->39692 39698 28eb850 39692->39698 39696 28eb850 DuplicateHandle 39695->39696 39697 28ed706 39696->39697 39697->39688 39699 28ed740 DuplicateHandle 39698->39699 39700 28ed706 39699->39700 39700->39688 39461 6be5929 39466 6be6b77 39461->39466 39486 6be6b20 39461->39486 39506 6be6b30 39461->39506 39462 6be591f 39467 6be6b40 39466->39467 39469 6be6b83 39466->39469 39525 6be755e 39467->39525 39530 6be7001 39467->39530 39535 6be7323 39467->39535 39540 6be79a5 39467->39540 39545 6be7a65 39467->39545 39551 6be6f85 39467->39551 39556 6be7724 39467->39556 39562 6be6f04 39467->39562 39567 6be72e7 39467->39567 39575 6be7269 39467->39575 39580 6be7aca 39467->39580 39585 6be790c 39467->39585 39591 6be7171 39467->39591 39596 6be7a93 39467->39596 39601 6be74f7 39467->39601 39605 6be7036 39467->39605 39468 6be6b6e 39468->39462 39469->39462 39487 6be6ae8 39486->39487 39488 6be6b2b 39486->39488 39487->39462 39490 6be755e 2 API calls 39488->39490 39491 6be7036 2 API calls 39488->39491 39492 6be74f7 2 API calls 39488->39492 39493 6be7a93 2 API calls 39488->39493 39494 6be7171 2 API calls 39488->39494 39495 6be790c 2 API calls 39488->39495 39496 6be7aca 2 API calls 39488->39496 39497 6be7269 2 API calls 39488->39497 39498 6be72e7 4 API calls 39488->39498 39499 6be6f04 2 API calls 39488->39499 39500 6be7724 2 API calls 39488->39500 39501 6be6f85 2 API calls 39488->39501 39502 6be7a65 2 API calls 39488->39502 39503 6be79a5 2 API calls 39488->39503 39504 6be7323 2 API calls 39488->39504 39505 6be7001 2 API calls 39488->39505 39489 6be6b6e 39489->39462 39490->39489 39491->39489 39492->39489 39493->39489 39494->39489 39495->39489 39496->39489 39497->39489 39498->39489 39499->39489 39500->39489 39501->39489 39502->39489 39503->39489 39504->39489 39505->39489 39507 6be6b4a 39506->39507 39509 6be755e 2 API calls 39507->39509 39510 6be7036 2 API calls 39507->39510 39511 6be74f7 2 API calls 39507->39511 39512 6be7a93 2 API calls 39507->39512 39513 6be7171 2 API calls 39507->39513 39514 6be790c 2 API calls 39507->39514 39515 6be7aca 2 API calls 39507->39515 39516 6be7269 2 API calls 39507->39516 39517 6be72e7 4 API calls 39507->39517 39518 6be6f04 2 API calls 39507->39518 39519 6be7724 2 API calls 39507->39519 39520 6be6f85 2 API calls 39507->39520 39521 6be7a65 2 API calls 39507->39521 39522 6be79a5 2 API calls 39507->39522 39523 6be7323 2 API calls 39507->39523 39524 6be7001 2 API calls 39507->39524 39508 6be6b6e 39508->39462 39509->39508 39510->39508 39511->39508 39512->39508 39513->39508 39514->39508 39515->39508 39516->39508 39517->39508 39518->39508 39519->39508 39520->39508 39521->39508 39522->39508 39523->39508 39524->39508 39526 6be7564 39525->39526 39610 6be4abe 39526->39610 39614 6be4ac0 39526->39614 39527 6be7591 39531 6be7016 39530->39531 39618 6be5138 39531->39618 39622 6be5140 39531->39622 39532 6be7815 39536 6be732c 39535->39536 39538 6be5138 WriteProcessMemory 39536->39538 39539 6be5140 WriteProcessMemory 39536->39539 39537 6be74d1 39537->39468 39538->39537 39539->39537 39541 6be6f77 39540->39541 39541->39468 39542 6be72a9 39541->39542 39626 6be53bc 39541->39626 39630 6be53c8 39541->39630 39542->39468 39546 6be7a68 39545->39546 39547 6be6f77 39545->39547 39546->39546 39547->39468 39548 6be72a9 39547->39548 39549 6be53bc CreateProcessA 39547->39549 39550 6be53c8 CreateProcessA 39547->39550 39548->39468 39549->39547 39550->39547 39551->39468 39552 6be6f77 39551->39552 39552->39468 39553 6be72a9 39552->39553 39554 6be53bc CreateProcessA 39552->39554 39555 6be53c8 CreateProcessA 39552->39555 39553->39468 39554->39552 39555->39552 39557 6be7731 39556->39557 39558 6be71d1 39556->39558 39558->39556 39559 6be71a9 39558->39559 39560 6be5138 WriteProcessMemory 39558->39560 39561 6be5140 WriteProcessMemory 39558->39561 39559->39468 39560->39558 39561->39558 39563 6be6f07 39562->39563 39563->39468 39564 6be72a9 39563->39564 39565 6be53bc CreateProcessA 39563->39565 39566 6be53c8 CreateProcessA 39563->39566 39564->39468 39565->39563 39566->39563 39634 6be4b69 39567->39634 39638 6be4b70 39567->39638 39568 6be77dd 39569 6be7287 39569->39568 39571 6be4abe ResumeThread 39569->39571 39572 6be4ac0 ResumeThread 39569->39572 39570 6be7591 39571->39570 39572->39570 39576 6be726f 39575->39576 39578 6be4abe ResumeThread 39576->39578 39579 6be4ac0 ResumeThread 39576->39579 39577 6be7591 39578->39577 39579->39577 39581 6be6f77 39580->39581 39581->39468 39582 6be72a9 39581->39582 39583 6be53bc CreateProcessA 39581->39583 39584 6be53c8 CreateProcessA 39581->39584 39582->39468 39583->39581 39584->39581 39586 6be7579 39585->39586 39587 6be7919 39585->39587 39589 6be4abe ResumeThread 39586->39589 39590 6be4ac0 ResumeThread 39586->39590 39588 6be7591 39589->39588 39590->39588 39592 6be78bb 39591->39592 39642 6be5228 39592->39642 39646 6be5230 39592->39646 39593 6be78e3 39597 6be6f77 39596->39597 39597->39468 39598 6be72a9 39597->39598 39599 6be53bc CreateProcessA 39597->39599 39600 6be53c8 CreateProcessA 39597->39600 39598->39468 39599->39597 39600->39597 39603 6be4b69 Wow64SetThreadContext 39601->39603 39604 6be4b70 Wow64SetThreadContext 39601->39604 39602 6be7514 39603->39602 39604->39602 39606 6be6fec 39605->39606 39606->39605 39650 6be5078 39606->39650 39654 6be5080 39606->39654 39607 6be705e 39611 6be4b00 ResumeThread 39610->39611 39613 6be4b31 39611->39613 39613->39527 39615 6be4b00 ResumeThread 39614->39615 39617 6be4b31 39615->39617 39617->39527 39619 6be5140 WriteProcessMemory 39618->39619 39621 6be51df 39619->39621 39621->39532 39623 6be5188 WriteProcessMemory 39622->39623 39625 6be51df 39623->39625 39625->39532 39627 6be5451 CreateProcessA 39626->39627 39629 6be5613 39627->39629 39631 6be5451 CreateProcessA 39630->39631 39633 6be5613 39631->39633 39635 6be4b70 Wow64SetThreadContext 39634->39635 39637 6be4bfd 39635->39637 39637->39569 39639 6be4bb5 Wow64SetThreadContext 39638->39639 39641 6be4bfd 39639->39641 39641->39569 39643 6be5230 ReadProcessMemory 39642->39643 39645 6be52bf 39643->39645 39645->39593 39647 6be527b ReadProcessMemory 39646->39647 39649 6be52bf 39647->39649 39649->39593 39651 6be50c0 VirtualAllocEx 39650->39651 39653 6be50fd 39651->39653 39653->39607 39655 6be50c0 VirtualAllocEx 39654->39655 39657 6be50fd 39655->39657 39657->39607 39658 6be7d20 39659 6be7eab 39658->39659 39660 6be7d46 39658->39660 39660->39659 39662 6be6084 39660->39662 39663 6be7fa0 PostMessageW 39662->39663 39664 6be800c 39663->39664 39664->39660 39701 28ead70 39702 28ead7f 39701->39702 39704 28eae59 39701->39704 39705 28eae01 39704->39705 39707 28eae62 39704->39707 39705->39702 39706 28eae9c 39706->39702 39707->39706 39708 28eb0a0 GetModuleHandleW 39707->39708 39709 28eb0cd 39708->39709 39709->39702
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378828786.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_28e0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8df5153e5f57c8c6e3093627f86a3df0721877a15d916cbba3f0a7a4ac71a31c
                                                        • Instruction ID: 9ef844e56a3e083e11e5176842fe6892a0edc94bb25416f23ecde5a928eb246b
                                                        • Opcode Fuzzy Hash: 8df5153e5f57c8c6e3093627f86a3df0721877a15d916cbba3f0a7a4ac71a31c
                                                        • Instruction Fuzzy Hash: 34518574E012089FDB08DFA9D894AEEBBF2BF89300F14846AD415BB364DB359946CF51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378828786.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_28e0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c7f173081ff6e520a3c3073bc258c1498881cd32cc64f2d653a626812e915b96
                                                        • Instruction ID: 0891d0bac7a85c2e0efe9aaf88ccea149312ac53937f56124698cd4d6f074591
                                                        • Opcode Fuzzy Hash: c7f173081ff6e520a3c3073bc258c1498881cd32cc64f2d653a626812e915b96
                                                        • Instruction Fuzzy Hash: BC518374E012089FDB08DFA9D894AEEBBF2BF89304F148429D415BB364DB359942CF55

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 0 6af62d9-6af65a0 2 6af65a7-6af65aa 0->2 3 6af6974-6af69a9 call 6af64e0 2->3 4 6af65b0-6af65b8 2->4 5 6af65ba-6af65c1 4->5 6 6af65c3-6af65c5 4->6 7 6af65f9-6af6611 5->7 8 6af65ca-6af65d2 6->8 12 6af6618-6af662d 7->12 8->3 10 6af65d8-6af65df 8->10 13 6af65ea-6af65ee 10->13 14 6af65e1-6af65e8 10->14 21 6af662f-6af6635 12->21 22 6af6645-6af666c 12->22 13->8 16 6af65f0-6af65f7 13->16 14->16 16->2 16->7 23 6af6639-6af663b 21->23 24 6af6637 21->24 27 6af666e-6af6683 22->27 28 6af6692-6af66d1 22->28 23->22 24->22 33 6af690f-6af693a 27->33 37 6af66fb-6af6778 28->37 38 6af66d3-6af66d9 28->38 42 6af696f 33->42 43 6af693c-6af6943 33->43 52 6af677a-6af67a0 37->52 53 6af67a6-6af67a9 37->53 38->3 40 6af66df-6af66f9 38->40 40->37 40->38 42->3 52->53 54 6af67ab-6af67d1 53->54 55 6af67d7-6af67da 53->55 54->55 56 6af67dc-6af6802 55->56 57 6af6808-6af680b 55->57 56->57 58 6af680d-6af6812 57->58 59 6af6847-6af6877 57->59 60 6af6843-6af6845 58->60 63 6af6879-6af688e 59->63 64 6af6890-6af689c 59->64 60->59 61 6af6814-6af6842 60->61 61->60 65 6af68a5-6af68f5 63->65 64->65 68 6af68fb-6af68fe 65->68 69 6af6906 68->69 69->33
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: F$R
                                                        • API String ID: 0-4292606238
                                                        • Opcode ID: 9489bf88d676d6e6bbecd174fcb160cb0fb0bd8f68939e921832af9546f6f881
                                                        • Instruction ID: 5cee3b03d7877b826ca63c0e350532f71132e8b3ce55fa5f58b3cab38e084a1c
                                                        • Opcode Fuzzy Hash: 9489bf88d676d6e6bbecd174fcb160cb0fb0bd8f68939e921832af9546f6f881
                                                        • Instruction Fuzzy Hash: 8ED1F476A10114EFDB46DF98C984E58BBB2FF49314B168098F6099F272C732EC51DB51

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 70 6be53bc-6be545d 72 6be545f-6be5469 70->72 73 6be5496-6be54b6 70->73 72->73 74 6be546b-6be546d 72->74 78 6be54ef-6be551e 73->78 79 6be54b8-6be54c2 73->79 76 6be546f-6be5479 74->76 77 6be5490-6be5493 74->77 80 6be547d-6be548c 76->80 81 6be547b 76->81 77->73 89 6be5557-6be5611 CreateProcessA 78->89 90 6be5520-6be552a 78->90 79->78 82 6be54c4-6be54c6 79->82 80->80 83 6be548e 80->83 81->80 84 6be54c8-6be54d2 82->84 85 6be54e9-6be54ec 82->85 83->77 87 6be54d6-6be54e5 84->87 88 6be54d4 84->88 85->78 87->87 91 6be54e7 87->91 88->87 101 6be561a-6be56a0 89->101 102 6be5613-6be5619 89->102 90->89 92 6be552c-6be552e 90->92 91->85 94 6be5530-6be553a 92->94 95 6be5551-6be5554 92->95 96 6be553e-6be554d 94->96 97 6be553c 94->97 95->89 96->96 98 6be554f 96->98 97->96 98->95 112 6be56a2-6be56a6 101->112 113 6be56b0-6be56b4 101->113 102->101 112->113 114 6be56a8 112->114 115 6be56b6-6be56ba 113->115 116 6be56c4-6be56c8 113->116 114->113 115->116 117 6be56bc 115->117 118 6be56ca-6be56ce 116->118 119 6be56d8-6be56dc 116->119 117->116 118->119 122 6be56d0 118->122 120 6be56ee-6be56f5 119->120 121 6be56de-6be56e4 119->121 123 6be570c 120->123 124 6be56f7-6be5706 120->124 121->120 122->119 126 6be570d 123->126 124->123 126->126
                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06BE55FE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: 57eeba5601dc975764ed080ca92c2035090a2d13045be43ba88f64b1a6a2a467
                                                        • Instruction ID: c1cdb4d16da79e535f2ca2989595f09c8fac7d8bfa17495f01e5cbf9e3a2d5b3
                                                        • Opcode Fuzzy Hash: 57eeba5601dc975764ed080ca92c2035090a2d13045be43ba88f64b1a6a2a467
                                                        • Instruction Fuzzy Hash: 47A16CB2D007198FEB60DF68C8417EEBBB2FF44314F1485A9D809A7280DB759985CF91

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 127 6be53c8-6be545d 129 6be545f-6be5469 127->129 130 6be5496-6be54b6 127->130 129->130 131 6be546b-6be546d 129->131 135 6be54ef-6be551e 130->135 136 6be54b8-6be54c2 130->136 133 6be546f-6be5479 131->133 134 6be5490-6be5493 131->134 137 6be547d-6be548c 133->137 138 6be547b 133->138 134->130 146 6be5557-6be5611 CreateProcessA 135->146 147 6be5520-6be552a 135->147 136->135 139 6be54c4-6be54c6 136->139 137->137 140 6be548e 137->140 138->137 141 6be54c8-6be54d2 139->141 142 6be54e9-6be54ec 139->142 140->134 144 6be54d6-6be54e5 141->144 145 6be54d4 141->145 142->135 144->144 148 6be54e7 144->148 145->144 158 6be561a-6be56a0 146->158 159 6be5613-6be5619 146->159 147->146 149 6be552c-6be552e 147->149 148->142 151 6be5530-6be553a 149->151 152 6be5551-6be5554 149->152 153 6be553e-6be554d 151->153 154 6be553c 151->154 152->146 153->153 155 6be554f 153->155 154->153 155->152 169 6be56a2-6be56a6 158->169 170 6be56b0-6be56b4 158->170 159->158 169->170 171 6be56a8 169->171 172 6be56b6-6be56ba 170->172 173 6be56c4-6be56c8 170->173 171->170 172->173 174 6be56bc 172->174 175 6be56ca-6be56ce 173->175 176 6be56d8-6be56dc 173->176 174->173 175->176 179 6be56d0 175->179 177 6be56ee-6be56f5 176->177 178 6be56de-6be56e4 176->178 180 6be570c 177->180 181 6be56f7-6be5706 177->181 178->177 179->176 183 6be570d 180->183 181->180 183->183
                                                        APIs
                                                        • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06BE55FE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: CreateProcess
                                                        • String ID:
                                                        • API String ID: 963392458-0
                                                        • Opcode ID: 380276d8083790643fac26d804d1c87e0b381101624f46780ee604ed8d046de3
                                                        • Instruction ID: 7a91a2b55f6bfaf63ceaf56e45a5182fe9df967495f6b993e6dc0d6edb1b41fc
                                                        • Opcode Fuzzy Hash: 380276d8083790643fac26d804d1c87e0b381101624f46780ee604ed8d046de3
                                                        • Instruction Fuzzy Hash: 99915CB2D007198FEB60DF68C8417EEBBB2FF44314F1485A9D809A7290DB759985CF91

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 184 28eae59-28eae60 185 28eae62-28eae77 184->185 186 28eae01-28eae35 184->186 187 28eae79-28eae86 call 28e9494 185->187 188 28eaea3-28eaea7 185->188 199 28eae37-28eae42 186->199 200 28eae44-28eae4c 186->200 197 28eae9c 187->197 198 28eae88 187->198 190 28eaebb-28eaefc 188->190 191 28eaea9-28eaeb3 188->191 201 28eaefe-28eaf06 190->201 202 28eaf09-28eaf17 190->202 191->190 197->188 249 28eae8e call 28eb100 198->249 250 28eae8e call 28eb0f1 198->250 203 28eae4f-28eae54 199->203 200->203 201->202 204 28eaf3b-28eaf3d 202->204 205 28eaf19-28eaf1e 202->205 210 28eaf40-28eaf47 204->210 207 28eaf29 205->207 208 28eaf20-28eaf27 call 28ea1d0 205->208 206 28eae94-28eae96 206->197 209 28eafd8-28eaff1 206->209 212 28eaf2b-28eaf39 207->212 208->212 224 28eaff2-28eb050 209->224 213 28eaf49-28eaf51 210->213 214 28eaf54-28eaf5b 210->214 212->210 213->214 215 28eaf5d-28eaf65 214->215 216 28eaf68-28eaf71 call 28ea1e0 214->216 215->216 222 28eaf7e-28eaf83 216->222 223 28eaf73-28eaf7b 216->223 225 28eaf85-28eaf8c 222->225 226 28eafa1-28eafae 222->226 223->222 242 28eb052-28eb054 224->242 225->226 227 28eaf8e-28eaf9e call 28ea1f0 call 28ea200 225->227 231 28eafb0-28eafce 226->231 232 28eafd1-28eafd7 226->232 227->226 231->232 243 28eb056 242->243 244 28eb080-28eb0cb GetModuleHandleW 242->244 243->244 246 28eb0cd-28eb0d3 244->246 247 28eb0d4-28eb0e8 244->247 246->247 249->206 250->206
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378828786.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_28e0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e9d1402cd366749a8e842b1a963d1fb59f67f081db24ea28f364980b4176b412
                                                        • Instruction ID: cd235507e73f3b3f8c8e82628a08891159aabe8cf9ac66bb55bf54c092834ff9
                                                        • Opcode Fuzzy Hash: e9d1402cd366749a8e842b1a963d1fb59f67f081db24ea28f364980b4176b412
                                                        • Instruction Fuzzy Hash: 9F818B78604B458FEB29DF39D05035ABBF2FF86714F044A6AD08AC7A51D735E809CB91

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 251 28e590d-28e59d9 CreateActCtxA 253 28e59db-28e59e1 251->253 254 28e59e2-28e5a3c 251->254 253->254 261 28e5a3e-28e5a41 254->261 262 28e5a4b-28e5a4f 254->262 261->262 263 28e5a60-28e5a90 262->263 264 28e5a51-28e5a5d 262->264 268 28e5a42-28e5a47 263->268 269 28e5a92-28e5b14 263->269 264->263 268->262
                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 028E59C9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378828786.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_28e0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: 858d46505e5381ed5bf83412288710dc50ade470835164e1d58bbc8fe0267a64
                                                        • Instruction ID: 10113d0d4bac197e19069a966a33222a36c57c196bb240e6a778278533732de8
                                                        • Opcode Fuzzy Hash: 858d46505e5381ed5bf83412288710dc50ade470835164e1d58bbc8fe0267a64
                                                        • Instruction Fuzzy Hash: 6441B0B4C00719CFEB24DFA9C884B9EFBB1AF49318F20846AD409AB251DB756949CF50

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 272 28e44e0-28e59d9 CreateActCtxA 275 28e59db-28e59e1 272->275 276 28e59e2-28e5a3c 272->276 275->276 283 28e5a3e-28e5a41 276->283 284 28e5a4b-28e5a4f 276->284 283->284 285 28e5a60-28e5a90 284->285 286 28e5a51-28e5a5d 284->286 290 28e5a42-28e5a47 285->290 291 28e5a92-28e5b14 285->291 286->285 290->284
                                                        APIs
                                                        • CreateActCtxA.KERNEL32(?), ref: 028E59C9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378828786.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_28e0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: Create
                                                        • String ID:
                                                        • API String ID: 2289755597-0
                                                        • Opcode ID: aa7cc19fbb4a063052a0d03ecca2bbf0c914ddcfc26b08f22f29a6c8f7b9faf2
                                                        • Instruction ID: ea44e04094d6e10a3f3a6ec9e3e44e33167c0aa7816681edff1ca1ad07dee908
                                                        • Opcode Fuzzy Hash: aa7cc19fbb4a063052a0d03ecca2bbf0c914ddcfc26b08f22f29a6c8f7b9faf2
                                                        • Instruction Fuzzy Hash: DB41C074C00719CBEB24DFA9C884BDEFBB5BF49318F60806AD409AB251DB756945CF90

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 294 6be5138-6be518e 297 6be519e-6be51dd WriteProcessMemory 294->297 298 6be5190-6be519c 294->298 300 6be51df-6be51e5 297->300 301 6be51e6-6be5216 297->301 298->297 300->301
                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06BE51D0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: fb0342c469519ecad090c14ded2fcacd8facf1a3c6f4f07935d8e3431c982d1e
                                                        • Instruction ID: 103a3c1b79199194a34cd99b71fd1773128ee1388654010ceb3eefd556f98f73
                                                        • Opcode Fuzzy Hash: fb0342c469519ecad090c14ded2fcacd8facf1a3c6f4f07935d8e3431c982d1e
                                                        • Instruction Fuzzy Hash: 692144B6D003199FDB10CFAAC885BDEBBF5FF48310F10842AE919A7240C7799940CBA1

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 305 6be5140-6be518e 307 6be519e-6be51dd WriteProcessMemory 305->307 308 6be5190-6be519c 305->308 310 6be51df-6be51e5 307->310 311 6be51e6-6be5216 307->311 308->307 310->311
                                                        APIs
                                                        • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06BE51D0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessWrite
                                                        • String ID:
                                                        • API String ID: 3559483778-0
                                                        • Opcode ID: c4aa3a575a7c28fa2295e3610abba140f8f6fe875135457733d3931667344982
                                                        • Instruction ID: bc4b6e445b1073d689f96cf5e05f68c5c399527f564504c4721f81f1396ec8e2
                                                        • Opcode Fuzzy Hash: c4aa3a575a7c28fa2295e3610abba140f8f6fe875135457733d3931667344982
                                                        • Instruction Fuzzy Hash: 0B2125B2D003199FDB10CFAAC885BDEBBF5FF48314F10842AE919A7240C7799954CBA1

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 315 6be5228-6be52bd ReadProcessMemory 319 6be52bf-6be52c5 315->319 320 6be52c6-6be52f6 315->320 319->320
                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06BE52B0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: 99b6b73e23da3dbd03d3b6d8f7ec5a31a97e9e9427405d3f26d2135a74399943
                                                        • Instruction ID: 2a88cc53022e89c7b20dbe2b136de1b80f910a7a0fc920e301f51d209e683a55
                                                        • Opcode Fuzzy Hash: 99b6b73e23da3dbd03d3b6d8f7ec5a31a97e9e9427405d3f26d2135a74399943
                                                        • Instruction Fuzzy Hash: BF2119B1C003599FDB10DFAAC885BDEBBF5FF48310F508429E559A7240D7799544CBA1

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 324 28eb850-28ed7d4 DuplicateHandle 326 28ed7dd-28ed7fa 324->326 327 28ed7d6-28ed7dc 324->327 327->326
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,028ED706,?,?,?,?,?), ref: 028ED7C7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378828786.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_28e0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 681a30ad582e83003c2cbd7dc6a19b38b9f30e3352fc5b2a9b2d39172c3faf3f
                                                        • Instruction ID: ea522061d341a50455f9e70f9e276a6cb14558c7e624c421d1125e588d3cb54b
                                                        • Opcode Fuzzy Hash: 681a30ad582e83003c2cbd7dc6a19b38b9f30e3352fc5b2a9b2d39172c3faf3f
                                                        • Instruction Fuzzy Hash: 272105B9900308DFDB10CF9AD884ADEBBF8EB48310F10841AE919A3350D374A944CFA0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 330 6be4b69-6be4bbb 333 6be4bbd-6be4bc9 330->333 334 6be4bcb-6be4bfb Wow64SetThreadContext 330->334 333->334 336 6be4bfd-6be4c03 334->336 337 6be4c04-6be4c34 334->337 336->337
                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06BE4BEE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        • Opcode ID: b8d8e72de7378b1693eb6b0c257d36f09418329b58e2b00ad3a0e66bb765f1fe
                                                        • Instruction ID: 0c7f25afe75de325a69558c0dd36b7349072ec1252d4b0a3cf53220f5256490e
                                                        • Opcode Fuzzy Hash: b8d8e72de7378b1693eb6b0c257d36f09418329b58e2b00ad3a0e66bb765f1fe
                                                        • Instruction Fuzzy Hash: 3D2168B1D003098FDB10CFAAC485BEEBBF4EF48324F14842AD419A7240D7789945CFA1

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 351 6be5230-6be52bd ReadProcessMemory 354 6be52bf-6be52c5 351->354 355 6be52c6-6be52f6 351->355 354->355
                                                        APIs
                                                        • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06BE52B0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: MemoryProcessRead
                                                        • String ID:
                                                        • API String ID: 1726664587-0
                                                        • Opcode ID: 98c6196161388b4de602471e9c83e864175af4cf85cfe6617b956dd1d087e0c6
                                                        • Instruction ID: e77a0b12f3acae5836fc393acc957c06a33c7209169f283639616a04c749be48
                                                        • Opcode Fuzzy Hash: 98c6196161388b4de602471e9c83e864175af4cf85cfe6617b956dd1d087e0c6
                                                        • Instruction Fuzzy Hash: 0621F8B2C003499FDB10DFAAC885BDEBBF5FF48310F54842AE559A7240D7799544CBA1

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 341 6be4b70-6be4bbb 343 6be4bbd-6be4bc9 341->343 344 6be4bcb-6be4bfb Wow64SetThreadContext 341->344 343->344 346 6be4bfd-6be4c03 344->346 347 6be4c04-6be4c34 344->347 346->347
                                                        APIs
                                                        • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06BE4BEE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: ContextThreadWow64
                                                        • String ID:
                                                        • API String ID: 983334009-0
                                                        • Opcode ID: 81d3e19bfbe795c657eef24dc4c9bb846ecef179c18180ce6509a9cd19368743
                                                        • Instruction ID: 1ebc9fa595ab870a48c692ecca584b4006f604759864c4e00028b9ee7e4cbf2a
                                                        • Opcode Fuzzy Hash: 81d3e19bfbe795c657eef24dc4c9bb846ecef179c18180ce6509a9cd19368743
                                                        • Instruction Fuzzy Hash: 8C2115B1D003098FDB10DFAAC4857EEBBF4EF48324F14842AD559A7240D778A945CFA5

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 359 6be5080-6be50fb VirtualAllocEx 362 6be50fd-6be5103 359->362 363 6be5104-6be5129 359->363 362->363
                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06BE50EE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: 247051fb7fe983c2994b93b19570d234cfab23bc15eeaaaabbe8c5f0df6484f8
                                                        • Instruction ID: 3c2e5ca85bc12569118f922ae63bc9c874e3c71f92ef89fc5f9385180aefc163
                                                        • Opcode Fuzzy Hash: 247051fb7fe983c2994b93b19570d234cfab23bc15eeaaaabbe8c5f0df6484f8
                                                        • Instruction Fuzzy Hash: 431137728003499FDB10DFAAC845BDEBBF5EF48324F148419E51AA7250C77AA940CFA1

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 367 6be5078-6be50fb VirtualAllocEx 370 6be50fd-6be5103 367->370 371 6be5104-6be5129 367->371 370->371
                                                        APIs
                                                        • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06BE50EE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: AllocVirtual
                                                        • String ID:
                                                        • API String ID: 4275171209-0
                                                        • Opcode ID: c0243b524ed4c08785a2a056bc2f2c92d5068f62fe7ebd0f53962644b5313902
                                                        • Instruction ID: 7bbc87b2177c2d5c7aa60b696bb65031362af0a80be5b1708c9c286ce54afd85
                                                        • Opcode Fuzzy Hash: c0243b524ed4c08785a2a056bc2f2c92d5068f62fe7ebd0f53962644b5313902
                                                        • Instruction Fuzzy Hash: 35116AB6800349CFDB10CFA9C845BDEBBF5EF48314F148819D556A7250C7799540CFA0
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        • Opcode ID: 90e77f9705682dfed14de24c5705ea7d2eeda6d7979be84b75d560dd821d9390
                                                        • Instruction ID: 65b1a1f4acbf5e19345bf2bd85c8d855779adf451baaa9e64dfd889c32b19edd
                                                        • Opcode Fuzzy Hash: 90e77f9705682dfed14de24c5705ea7d2eeda6d7979be84b75d560dd821d9390
                                                        • Instruction Fuzzy Hash: 201136B1D003498FDB20DFAAC4457DEFBF4EF88320F24842AD519A7240C779A944CBA5
                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 06BE7FFD
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: 278f4a871a0b560b0165365c330e9d67ee154c5fb0ec8481e0c32b905519af30
                                                        • Instruction ID: f6a689a81a3ea47dd5080d0b1ca6b58a1f767765b72b444f7a52e76b71a57836
                                                        • Opcode Fuzzy Hash: 278f4a871a0b560b0165365c330e9d67ee154c5fb0ec8481e0c32b905519af30
                                                        • Instruction Fuzzy Hash: 9A11F5B58007499FDB20DF9AD885BDEBBF8EB48320F108559E519A3250D379A544CFA1
                                                        APIs
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: ResumeThread
                                                        • String ID:
                                                        • API String ID: 947044025-0
                                                        • Opcode ID: cb398aebd78be6c8e370e53fd671f1a289985f6eb32a899a4b9d9d82595ddba3
                                                        • Instruction ID: 45cadd8180f8fb0ec8d7b68e3d6a76ad62abe4cf3b93449271d9c094a9c0aee2
                                                        • Opcode Fuzzy Hash: cb398aebd78be6c8e370e53fd671f1a289985f6eb32a899a4b9d9d82595ddba3
                                                        • Instruction Fuzzy Hash: 031125B1D002498BDB20DFAAC4457DEBBF5EB88210F24845AD41AA7640C779A945CBA1
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 028EB0BE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378828786.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_28e0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: 2d9b0d88761334768726497498b57d56056283a5af883e0f975b5a8cfd8c3b96
                                                        • Instruction ID: 81d92f58c4293f1b55726f91a67b397439567951e2d3aad2c173e99c7fd3ad85
                                                        • Opcode Fuzzy Hash: 2d9b0d88761334768726497498b57d56056283a5af883e0f975b5a8cfd8c3b96
                                                        • Instruction Fuzzy Hash: 5F11E0B9C006498FDB10CF9AC444BDEFBF4FF89224F10846AD52AA7650D379A545CFA1
                                                        APIs
                                                        • PostMessageW.USER32(?,00000010,00000000,?), ref: 06BE7FFD
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: MessagePost
                                                        • String ID:
                                                        • API String ID: 410705778-0
                                                        • Opcode ID: efe6e6490546f1eff0f84c88db7c82023d55e80957a7ab7a696ffccb4b384b08
                                                        • Instruction ID: d7d3eb85296e71704b0ede7455b25219b9c9eca84887d5b894ebf4a2ce75f7d5
                                                        • Opcode Fuzzy Hash: efe6e6490546f1eff0f84c88db7c82023d55e80957a7ab7a696ffccb4b384b08
                                                        • Instruction Fuzzy Hash: 4D1133B5800749DFDB20CF9AD884BDEBBF8EB48320F10845AE519A3340C379A944CFA1
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: F
                                                        • API String ID: 0-1304234792
                                                        • Opcode ID: bf4194531eea288a1bcfd4ae91e8710fbb1630dab35b43be4c7b31b104879cf7
                                                        • Instruction ID: b6f9be3b8c33c2d453218950400b9ebb814fc98a1c3a22a5556dc6f62c4ffe23
                                                        • Opcode Fuzzy Hash: bf4194531eea288a1bcfd4ae91e8710fbb1630dab35b43be4c7b31b104879cf7
                                                        • Instruction Fuzzy Hash: 8C419D70A14204CFDB44DFA8C994AADBBF1FF49300B1594A6E605AF262DB31EC01CB52
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8
                                                        • API String ID: 0-4194326291
                                                        • Opcode ID: cb1c0e2d5e7b3b8ea56065e207165787e741f64e296f66a17c5e0edddc871a8c
                                                        • Instruction ID: f4e9289aca9532d01e831490277485068c6599d9fd757302a663a0589afb5fc5
                                                        • Opcode Fuzzy Hash: cb1c0e2d5e7b3b8ea56065e207165787e741f64e296f66a17c5e0edddc871a8c
                                                        • Instruction Fuzzy Hash: 24318671B24205DFFBA4BBE9E8517797372EB84311F148426B606AB281CAB4D941CBD2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: 8
                                                        • API String ID: 0-4194326291
                                                        • Opcode ID: 3ccaee3691ade67585838b30f14bfdfea2521449e71513f3309798ba57911e97
                                                        • Instruction ID: 0528c1e004ead6a88f6af574b1d74ae8a6ee98fadb23166486ffc11d96d983d6
                                                        • Opcode Fuzzy Hash: 3ccaee3691ade67585838b30f14bfdfea2521449e71513f3309798ba57911e97
                                                        • Instruction Fuzzy Hash: 9EF0C870B30301DFEBA06BA0DC52B987771FB40711F15C856A9056F681E7E0CCA0C792
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $
                                                        • API String ID: 0-3993045852
                                                        • Opcode ID: 73a5e4b2ef462e677e7dd1fa0ac76c61fdd1251dbd45cefece958b6a5f30bafb
                                                        • Instruction ID: dc8b5ab49ae7f3a43f3a46d572ecf72cfa41e85611138efc53a45b411b31a374
                                                        • Opcode Fuzzy Hash: 73a5e4b2ef462e677e7dd1fa0ac76c61fdd1251dbd45cefece958b6a5f30bafb
                                                        • Instruction Fuzzy Hash: 07F08232604504BFDF18DF58D884AEE7FEAEB44354F14C16AE509D7324E770D9508B90
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: I
                                                        • API String ID: 0-3707901625
                                                        • Opcode ID: 8cba9048110afe36e4cfbe105c1fdb6172a0a67e96b32e8068fe45ea404da9b4
                                                        • Instruction ID: 11f9d26b4bad3cc07c428dcadd5b49129d200386412d472056d8d7420c5e00f3
                                                        • Opcode Fuzzy Hash: 8cba9048110afe36e4cfbe105c1fdb6172a0a67e96b32e8068fe45ea404da9b4
                                                        • Instruction Fuzzy Hash: 57E026E102D2455FD7C2AFD088810A43F34DB03110B492087E1A88B252DD180907D7A3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (
                                                        • API String ID: 0-3887548279
                                                        • Opcode ID: 8316b7c693def12830e1fbb8caadbc9f7137bd4ee0701a6ada55e29820c0e44a
                                                        • Instruction ID: ab31eea2d2a1778661e52a033646ac86e688bd713e1c51480cc39de64d29eaba
                                                        • Opcode Fuzzy Hash: 8316b7c693def12830e1fbb8caadbc9f7137bd4ee0701a6ada55e29820c0e44a
                                                        • Instruction Fuzzy Hash: 45E08C2141E3C8AFD3C2ABF2AD10568FF789E13104B0519C3E5468B2A3D6645E1883B3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: G
                                                        • API String ID: 0-985283518
                                                        • Opcode ID: b47a4f59cf4ad2202efda0ee0dcc5bc144f50f21d4c69714ca4387b6009fe176
                                                        • Instruction ID: 6754b411a83085cf968aa3c9a0257118de0f7dea1c6d0a46b9029c6090967fca
                                                        • Opcode Fuzzy Hash: b47a4f59cf4ad2202efda0ee0dcc5bc144f50f21d4c69714ca4387b6009fe176
                                                        • Instruction Fuzzy Hash: 1ED05EB540D248DFE385DFA1A8151A8BFB99B02211B2411CBE5198BA92C7651F009EE3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: I9d
                                                        • API String ID: 0-3293661094
                                                        • Opcode ID: 8e132dcf3c84a2536ccf7c50f8c530734ed566e8aac9d4d93e62c7e0ab7a77f1
                                                        • Instruction ID: 1d7650d22a234a0c44071501fb0cf1ba942433bb61174a6721b04c5fb606ea8c
                                                        • Opcode Fuzzy Hash: 8e132dcf3c84a2536ccf7c50f8c530734ed566e8aac9d4d93e62c7e0ab7a77f1
                                                        • Instruction Fuzzy Hash: 96D0123614410C9F4B80FEE5E840C62B7EDBB546407008826E544C7121E621E435E795
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: G
                                                        • API String ID: 0-985283518
                                                        • Opcode ID: 83f8809f63114954881cace6048835d8b917b4645e35eb3612c4e64c15f0d312
                                                        • Instruction ID: 060b35e4387052e6cbc5847120f8647cb835bee1cd0e8998c1d8abfbc63045ff
                                                        • Opcode Fuzzy Hash: 83f8809f63114954881cace6048835d8b917b4645e35eb3612c4e64c15f0d312
                                                        • Instruction Fuzzy Hash: 17C08CB040810CEFE780EBC2E90952CF7BDE700212F000289FA0E87280CB752F009AC2
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: (
                                                        • API String ID: 0-3887548279
                                                        • Opcode ID: 34390799ccb41ec4bb98a8bee3d8bef1a911faeb0b9da4e4b923a2b6bf9ea2ad
                                                        • Instruction ID: ec6960e242f35b8d4d1f7d68fec993e6c89ccaee6b0c962ddffdd0a254f22c9c
                                                        • Opcode Fuzzy Hash: 34390799ccb41ec4bb98a8bee3d8bef1a911faeb0b9da4e4b923a2b6bf9ea2ad
                                                        • Instruction Fuzzy Hash: BBC08C3041920CEBD7E0FFD2FE0152CF3BC9B02114F001286AA0A03201CA319E1052C3
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: I
                                                        • API String ID: 0-3707901625
                                                        • Opcode ID: d9de81e79d5e945ce71ce32008ec53c5c31c80f67c2a0bf4aac408ac82a2979e
                                                        • Instruction ID: 9e8bdd3814a55bf020677dd48510df213db700819b2736fef2b527e2dc949767
                                                        • Opcode Fuzzy Hash: d9de81e79d5e945ce71ce32008ec53c5c31c80f67c2a0bf4aac408ac82a2979e
                                                        • Instruction Fuzzy Hash: ABC08C7061820CEFD780FFC0DA9152DB7BCD700315F0022A6AA4D03200CE311E1492C7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5fc9d1d9fca9adc5fcf7f44040bfdea110d36777eff65b2e4fb2525cc95603c4
                                                        • Instruction ID: 401ce3b4a40d30d670c481ef6ee71aa9dcca481a89d8a2d865d92c1207350729
                                                        • Opcode Fuzzy Hash: 5fc9d1d9fca9adc5fcf7f44040bfdea110d36777eff65b2e4fb2525cc95603c4
                                                        • Instruction Fuzzy Hash: 2C6234B0E00B458BDBB1AFB495883AD7AA5BB52306F10591FD0FBCB791EB7494418BC1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 559ea483c300ffb7de58a2b92fc65db16835a7ae5ca03fff32e52b69a433077b
                                                        • Instruction ID: 1c6fc1cda685c7c4f730a094354abf0b02500fbd0b559a5579790ef76fc5a8fc
                                                        • Opcode Fuzzy Hash: 559ea483c300ffb7de58a2b92fc65db16835a7ae5ca03fff32e52b69a433077b
                                                        • Instruction Fuzzy Hash: BB42E430D10619CFCF55EFA8C8846DCBBB1BF49300F5186A9D5497B265EB30AA99CF81
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e6860e7deb50f37a27824dfc371a8a9811df246ed2ec3869356f07d2e478b251
                                                        • Instruction ID: 553d2b68062a3e90fadeb663e13280da8269fc1f066dcd0bbce53b09187fce77
                                                        • Opcode Fuzzy Hash: e6860e7deb50f37a27824dfc371a8a9811df246ed2ec3869356f07d2e478b251
                                                        • Instruction Fuzzy Hash: 5522E9B0D05F468BD7B16FB4A68839EB694BB17305F205D1FC0FACA652E77490828BC5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6c60c74c92ab52cf5354588fcb73b0eae5ca0ad14cbaca3484bf959aa4db056c
                                                        • Instruction ID: de45eb08a8ac7964827cc611b78feaab459a2eb337d1a534285f20b55228c63c
                                                        • Opcode Fuzzy Hash: 6c60c74c92ab52cf5354588fcb73b0eae5ca0ad14cbaca3484bf959aa4db056c
                                                        • Instruction Fuzzy Hash: 27B1AD75E04208CFDF25EFA5C9606AEBBF6FF88301F204569D106AB242DB319851CF92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c6e4ef24ecbc316412898481ac8d14485c24cbd3c45a6dcd6c8e6c7171262521
                                                        • Instruction ID: 814482dc2af112c7a96afc5c8752846a354ed51a6712b931caaf164bea6bbc64
                                                        • Opcode Fuzzy Hash: c6e4ef24ecbc316412898481ac8d14485c24cbd3c45a6dcd6c8e6c7171262521
                                                        • Instruction Fuzzy Hash: 3FF1C875D1061A8FCF10EFA8C9549EDB7B5FF49300F1186A9D949B7214EB30AA89CF90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: da89cba0cf3b4d0f9cd402a390d945038cdd7213e0383d11e3ecb2640088f8ad
                                                        • Instruction ID: 8b99f0e090800f4d6da8e5ac32a685e47e991c685c11728ee88b4635cb9d60f1
                                                        • Opcode Fuzzy Hash: da89cba0cf3b4d0f9cd402a390d945038cdd7213e0383d11e3ecb2640088f8ad
                                                        • Instruction Fuzzy Hash: EDE1C875D1061A8FCF10DFA8C954AEDB7B5FF49300F1086A9D949B7215EB30AA89CF90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 230483dc74d66778758f787c874cacb0f7d7d1742cbf1d5c7579fa04c6c48ac9
                                                        • Instruction ID: 04c00b638b1b7e0cef2071142144b8c1edc0d5158d18d2100c183fdf94aff002
                                                        • Opcode Fuzzy Hash: 230483dc74d66778758f787c874cacb0f7d7d1742cbf1d5c7579fa04c6c48ac9
                                                        • Instruction Fuzzy Hash: DFC15C30E10209CFDB54EFA8C854AADB7F2BF85304F1485A9E506BB351EB70AD85CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 706b625eba1089cc20747553920e8afcf31c271238886dc5825c15ed3aa34f8f
                                                        • Instruction ID: bc1629ea8bd700d31f492f259cbdf458a9787318f9984b53e9b7aefd98d2af93
                                                        • Opcode Fuzzy Hash: 706b625eba1089cc20747553920e8afcf31c271238886dc5825c15ed3aa34f8f
                                                        • Instruction Fuzzy Hash: 1AA16F35A00218CFDB05EBA8C584AAEB7F6FF89315F2444A9D405AB391CB35ED41CFA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3b393a1aeeb3135998e6fbc9d1a94fbe73e7c63e2e058c65f27c8921457e9320
                                                        • Instruction ID: 35b34e3d9150aae88a301353863012606c11bb718ea9140a535ca38153d5282c
                                                        • Opcode Fuzzy Hash: 3b393a1aeeb3135998e6fbc9d1a94fbe73e7c63e2e058c65f27c8921457e9320
                                                        • Instruction Fuzzy Hash: 70917079A002199FCB04DFA8D4809AEBBF5EF89315B14C46AE805EB351EB35DD06CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fff176189d0adfbfba538b186d2695c7c72d9a691c18e919d8b267af2c2d0d25
                                                        • Instruction ID: 0cadfbc75a4d9d28d27cbbec0f19fe3118c2169a3414646bb69b2e0369cf1509
                                                        • Opcode Fuzzy Hash: fff176189d0adfbfba538b186d2695c7c72d9a691c18e919d8b267af2c2d0d25
                                                        • Instruction Fuzzy Hash: 1FA12B34A00718DBDB14DF65C840BAEBBB5FF89300F10859AE949A7351EB709D82CF91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: adfcd96138f976b30229185e27295d73d56c69f9b98b6c46d7965ae756c4dad2
                                                        • Instruction ID: 9a09c995d2e6560ee83b8f4176450e1563349f1c9184ffc9a1f999fa8d295f10
                                                        • Opcode Fuzzy Hash: adfcd96138f976b30229185e27295d73d56c69f9b98b6c46d7965ae756c4dad2
                                                        • Instruction Fuzzy Hash: 98919370E24648CFD784EBE9C480BADB7F1BF45300F148596E25AAB341C775E941CBA2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4662e0e63e9d286b0eb3fad9578f5a6328d81b7873b3fde8b1e16861d06de8b2
                                                        • Instruction ID: 3988f676d2ee0296891bae43b1686fda8e5948ba88cd6f583ea5fa13437c11c4
                                                        • Opcode Fuzzy Hash: 4662e0e63e9d286b0eb3fad9578f5a6328d81b7873b3fde8b1e16861d06de8b2
                                                        • Instruction Fuzzy Hash: B681D239710610CFCB14EF68D5989AA7BFABF89B05B1581A9E506CB375DB71EC01CB80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 34b7f24a872badcb79f1a4aa25253d087622b1f63469afc784f630d68d4290dd
                                                        • Instruction ID: 394878aaf607f50f0339fafa2fcce452421852e908f0235ea947fae976ddc66a
                                                        • Opcode Fuzzy Hash: 34b7f24a872badcb79f1a4aa25253d087622b1f63469afc784f630d68d4290dd
                                                        • Instruction Fuzzy Hash: 1E91E275A0060A9FDB24DFA8C980AEEB7F6FF48314F148529E929E7254D730E951CF90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a2936d9ed7ba83e22046b97e97ff5d4db5f8f6a5c05e6414ebe38d41f5bf8e9a
                                                        • Instruction ID: 67ece3a8cc4dac3b35b7cfed9ad66cca714e0fd66e8c1d6eb7858ab2fd39bc1f
                                                        • Opcode Fuzzy Hash: a2936d9ed7ba83e22046b97e97ff5d4db5f8f6a5c05e6414ebe38d41f5bf8e9a
                                                        • Instruction Fuzzy Hash: 66815E35A10209DFCB04EFA4D8989ADBBB5FF89305F148569E502AF364EB70A945CF90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 23ad2634713d8501ed865a793445030a5e013c0d01c316ebfea730db6fc222a6
                                                        • Instruction ID: 52274b52943bc596e2d28dc1707e264f986aa1c22ebd2fccd70a364449a2d8cc
                                                        • Opcode Fuzzy Hash: 23ad2634713d8501ed865a793445030a5e013c0d01c316ebfea730db6fc222a6
                                                        • Instruction Fuzzy Hash: 87817D30E20609DFDF50FFA9D4986ACBBB1FF45300F114469E146AB2A5EB31D965CB82
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f6e72ef2071bc597a621ed57fc21eea423adb3dd25d71d18686b71af3927a50b
                                                        • Instruction ID: f64ab86774173c7f58516d806b66758bc5dd534e4c54d7b89c090247558e6721
                                                        • Opcode Fuzzy Hash: f6e72ef2071bc597a621ed57fc21eea423adb3dd25d71d18686b71af3927a50b
                                                        • Instruction Fuzzy Hash: D591D274A0060A9FDB24DFA8C980AAEB7F6FF48315F148529E929D7354E730E941CF90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 35de5116a7b1b98f996c22a3e415867982fa715a501cabfbd7aa73c00155f961
                                                        • Instruction ID: 3ec807f4d7d91f80f4b9527bdcc1834ac25e4f10dfbbd152047cd23cd47d410c
                                                        • Opcode Fuzzy Hash: 35de5116a7b1b98f996c22a3e415867982fa715a501cabfbd7aa73c00155f961
                                                        • Instruction Fuzzy Hash: EB911A74900719DFDB10DF64C840BAEBBB5FF89700F14819AE949A7211EB31AE82CF91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 29828faf0a288f07746377b37da35c1b1f18e67464a5fa5995e048a575ed082d
                                                        • Instruction ID: eecfffd2b41529c27401ff206a030d2b3947203967e89313cadbf792372fa9a2
                                                        • Opcode Fuzzy Hash: 29828faf0a288f07746377b37da35c1b1f18e67464a5fa5995e048a575ed082d
                                                        • Instruction Fuzzy Hash: 52713979A007058FCB20DF79D984AAEB7F1FF48215B148A2ED55AE3750DB34E9058B80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 01aee3349fe764670d77f1fb9b8b7fc4329befade2214605c6df42677b6f976a
                                                        • Instruction ID: 859188c088f49d70ca11c2ea3a6185a06cfe5c0ea4400ebf367507a694b75db7
                                                        • Opcode Fuzzy Hash: 01aee3349fe764670d77f1fb9b8b7fc4329befade2214605c6df42677b6f976a
                                                        • Instruction Fuzzy Hash: 52716931E00609DFDB04EFA9C8546AEB7B5EF89305F10856ED896B7350EB34AA45CB90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f3f066c5ffb881269ff5346a9b1b7baffc7c134a992da37010b54b8de01dcbf2
                                                        • Instruction ID: 7ab6c599e2195834b3f8fb2e179a7cfc242d71a0de561aeecbf7b1457e684d1f
                                                        • Opcode Fuzzy Hash: f3f066c5ffb881269ff5346a9b1b7baffc7c134a992da37010b54b8de01dcbf2
                                                        • Instruction Fuzzy Hash: 6751CD347002108FCB15EB7DC89896EBBEAEFC9605719446DE906DB361EF71EC018B81
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bcc70d64891addf20d3c8352cbd5c6125a89a06c2a972d94be4fb17e1dcd16ff
                                                        • Instruction ID: 70e661b26cf5157d678231ba35ab77177793bfeb9c16d26181cbd8a360d766b7
                                                        • Opcode Fuzzy Hash: bcc70d64891addf20d3c8352cbd5c6125a89a06c2a972d94be4fb17e1dcd16ff
                                                        • Instruction Fuzzy Hash: 8D81FB31A1470ADFCB00EF69C980599F7F5FF99300F21C659E519BB211EB70AA94CB80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e77ad8d5e2f95b71682119de9be4f5fbbca751db40fc35c2c067b779cf5c927a
                                                        • Instruction ID: 3910b076278a372e24f371ba35eb7c887051b56c1b611e51a7d62483e161b49e
                                                        • Opcode Fuzzy Hash: e77ad8d5e2f95b71682119de9be4f5fbbca751db40fc35c2c067b779cf5c927a
                                                        • Instruction Fuzzy Hash: 0081DA35A1470ADFCB00EF69C980599F7F5FF99300F21D659E519BB211EB70AA94CB80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1dfdaa6fc478c3cf6e72a4c88f2c3fed221d82c864f73dfa869402fb6f508c1c
                                                        • Instruction ID: 02db2c4549743b5c1f6e4948918e9588ba0c6d788e160e33ffeadaf8ed31dc4d
                                                        • Opcode Fuzzy Hash: 1dfdaa6fc478c3cf6e72a4c88f2c3fed221d82c864f73dfa869402fb6f508c1c
                                                        • Instruction Fuzzy Hash: 1151B131B006158FDB04EBB9D854A6EB7EBFFC8351B158569E406EB3A1DE74DC028B90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: de2d004165f031e4e504e5ff0059d7da3b2e569140168f404b4ddc88ee0c98b9
                                                        • Instruction ID: ff982854390c8797f4bbcf06ad486d93e6969588a286095e4ea5641768505d91
                                                        • Opcode Fuzzy Hash: de2d004165f031e4e504e5ff0059d7da3b2e569140168f404b4ddc88ee0c98b9
                                                        • Instruction Fuzzy Hash: A2711574E00209DFDB14EFA9D488AADBBF5FF88315F248069E425A7351D730A846CFA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e323ad006aed5e177c7e7e6001b3e030de63564edf2d8e54af3815dd3f09b6c3
                                                        • Instruction ID: d91b9caa5379b5c5a382896dc3ebedabf26315ce6a599ff2c3b0cf12d7141c5e
                                                        • Opcode Fuzzy Hash: e323ad006aed5e177c7e7e6001b3e030de63564edf2d8e54af3815dd3f09b6c3
                                                        • Instruction Fuzzy Hash: 08519974700204CFDB14EB69C494BAAB7EAAF89709F10456DE40ADF3A0DB75EC41CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c2997cd5752b2e5503f6bc9f8c4171808e2575570a9a11e008fe73e56517a4d5
                                                        • Instruction ID: 77dc101ff956d985dcdcf87f976f7f2f50948373484308f1398b52a9846d8f18
                                                        • Opcode Fuzzy Hash: c2997cd5752b2e5503f6bc9f8c4171808e2575570a9a11e008fe73e56517a4d5
                                                        • Instruction Fuzzy Hash: CB610931D10619DFCB01EFA8C8949EDFBB1FF89300F01C65AE5556B265EB70AA85CB81
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c10d8a7884f9ae29499411d693c0f716a0120c5a7a341e57e25820cb8c51f10e
                                                        • Instruction ID: 883f4f4c6046e283c135907cbe65d1e6dde8f5f6780519ceacb9a2c2c3be9e45
                                                        • Opcode Fuzzy Hash: c10d8a7884f9ae29499411d693c0f716a0120c5a7a341e57e25820cb8c51f10e
                                                        • Instruction Fuzzy Hash: 5D611831D10619DFCB01EFA8C8849EDFBB5FF89300F00C65AE5556B224EB71AA85CB81
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cebb0959a5c4dcecb2cb429e45387237af8f7c8d35050e2583938c7dce0a5d25
                                                        • Instruction ID: d66fe391352c0c203afe07123ef7370cf4daac8b9ef9f56d52dbedcc25d0bdb2
                                                        • Opcode Fuzzy Hash: cebb0959a5c4dcecb2cb429e45387237af8f7c8d35050e2583938c7dce0a5d25
                                                        • Instruction Fuzzy Hash: 86512E35B10608DFCB04EFA8C8849ADBBF6FF89704B118569E509AB361DB71ED45CB80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 87324fa629f7539e95fe87958b3d3d7161603736503f9965d7b21473d4640ec1
                                                        • Instruction ID: 1799d894d56a9519467a3c183a532d163324f1f025bf59afc21a9bb6eb3285f7
                                                        • Opcode Fuzzy Hash: 87324fa629f7539e95fe87958b3d3d7161603736503f9965d7b21473d4640ec1
                                                        • Instruction Fuzzy Hash: 07511679A007058FCB20DF79D584AAEBBF1FF48211B108A2DD95AE3751DB74E9058F80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bc6edc12dadec7c552b5b0e61dc34be37453af5554387ec770b7ebb833dd7f7b
                                                        • Instruction ID: f319947220652bdd8e84981a7043f7828b5802575d86024c96f7147621b87afa
                                                        • Opcode Fuzzy Hash: bc6edc12dadec7c552b5b0e61dc34be37453af5554387ec770b7ebb833dd7f7b
                                                        • Instruction Fuzzy Hash: 63513C35B00614CFCB04EFA8C8849ADBBF6FF89704B118569E509AB361DB71ED46CB80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 35a0523ca0de0838fa4004dbb69fe6b19ad75ff4b01bbe83022c95ae0d09ac30
                                                        • Instruction ID: ec116ac6d1e0240a2f7854e3ec863e062344ff533469364d7400400fdeeb17e6
                                                        • Opcode Fuzzy Hash: 35a0523ca0de0838fa4004dbb69fe6b19ad75ff4b01bbe83022c95ae0d09ac30
                                                        • Instruction Fuzzy Hash: FB418F707007008BEB15ABB9941563A73EBAFC5759B24583CD406EB784EF29DC42CBA5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7613c2cd14dc9b3314c7df6161ea91157f1ff6024b8989d26872ebd248557a9d
                                                        • Instruction ID: 0bfb943371de84f1a850f5b16590bed0dc83c089a762175a5d3efb0f69658822
                                                        • Opcode Fuzzy Hash: 7613c2cd14dc9b3314c7df6161ea91157f1ff6024b8989d26872ebd248557a9d
                                                        • Instruction Fuzzy Hash: 7751F675A0021ACFCF00EF68D5809EEBBF5FF48315F10852AE825AB204E731E955CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 177e0aa7c3c5c28e7cdb3264e6dbf9715ea433ed7fe408ca9b012046cd7eed6f
                                                        • Instruction ID: 8f5d0014f5c45d4b76b75aa7ef757835ff512e7fbd9d0fb09bde5277a6ae3ec7
                                                        • Opcode Fuzzy Hash: 177e0aa7c3c5c28e7cdb3264e6dbf9715ea433ed7fe408ca9b012046cd7eed6f
                                                        • Instruction Fuzzy Hash: A441A470E24609DFEB91AFE4C840BBBB7B1AB44286F448025F3579B291C734D949CB53
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d7623193178c3060d9cc5674afd9608598ddf803c7e1361b5b54d0c586edb9bf
                                                        • Instruction ID: c968b7650628d3e2ccde4be5a98096274cc17fa862935fc0d64b7315dc9c6b7d
                                                        • Opcode Fuzzy Hash: d7623193178c3060d9cc5674afd9608598ddf803c7e1361b5b54d0c586edb9bf
                                                        • Instruction Fuzzy Hash: FB418934600204CFDB15EB68C494AADB7FAAF89309F14456DD40AEF3A1CB75ED45CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 442462891c00ee14ca2bba970994e805a4ea7a199ffd59df76db49a30feee317
                                                        • Instruction ID: 4480d88e9f03207a369676010f598bf2c21c4e9a2850e1111fd55ede1c1a83a8
                                                        • Opcode Fuzzy Hash: 442462891c00ee14ca2bba970994e805a4ea7a199ffd59df76db49a30feee317
                                                        • Instruction Fuzzy Hash: 0A41D171E3011ADFDBC1BFE4C954AEABBF1AB05240F584426F606AB295F6358D01CAC3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d04c6572285bcc4440d81206cb8592f877566ce9ed908576575c1f4080015157
                                                        • Instruction ID: c010862fa0c0aca90e9a448291d5f62951b65fcdad9dbf72c2b8d81c45a18a30
                                                        • Opcode Fuzzy Hash: d04c6572285bcc4440d81206cb8592f877566ce9ed908576575c1f4080015157
                                                        • Instruction Fuzzy Hash: 30417F70E24216DFDBC1BFE5C954AAA7BB1AB44340F540426F606EB295FA35CD10CBD2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 64a9c858e498198a5bb88cc964d04c4ff8c2d802e8537addf81bfc513a1281c6
                                                        • Instruction ID: ebaaff79957c5b31281293c639846ebee228bf97997aed730b1289ecb90ce6e5
                                                        • Opcode Fuzzy Hash: 64a9c858e498198a5bb88cc964d04c4ff8c2d802e8537addf81bfc513a1281c6
                                                        • Instruction Fuzzy Hash: 9E414934E102089FDB54EFA9D850AADBBB2AF89310F158569F501FB3A0DB74E841CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3973343794f536eddbb7f3ac795e6ea51e9604804b74f87647f17e07aa4fc313
                                                        • Instruction ID: a9e623516143eec11c40d11b9a757862613b199d56188f0753c4951f567f56bb
                                                        • Opcode Fuzzy Hash: 3973343794f536eddbb7f3ac795e6ea51e9604804b74f87647f17e07aa4fc313
                                                        • Instruction Fuzzy Hash: AC413630E102089FDB54EBA9D850AADBBB2AF89310F158569F501FB3A0DB74AD45CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d9b1aab1444da1637c948a2f17e7e160076a082851b875ed066290b44adb75cf
                                                        • Instruction ID: 75392d4e4d3c39b0e1193843599f5f1eb2203908bf96b057ddd40dc54d56b9e0
                                                        • Opcode Fuzzy Hash: d9b1aab1444da1637c948a2f17e7e160076a082851b875ed066290b44adb75cf
                                                        • Instruction Fuzzy Hash: 0C41BF34A006158FDB00EB6DC445AADBBF6EFC9311F15856AD00AEB361EB70DD81CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 49f2c4c880dc7d6b1159df293b919742ff63a1924fdb554732cbbead290b113f
                                                        • Instruction ID: dff82b6dc189ee77eacf17ab60de8d51f1d5cd5ecb6f1dbaf353f4b4f8edc332
                                                        • Opcode Fuzzy Hash: 49f2c4c880dc7d6b1159df293b919742ff63a1924fdb554732cbbead290b113f
                                                        • Instruction Fuzzy Hash: 0531CE71A2C25ACFE3D0BBE8C89067577B5EB55240B0480A7F7668A285CB74990287F3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4bdbf3fd109166dca6efb46693068b1c67164ba658f62f0a37e7fbe1c2068875
                                                        • Instruction ID: 1ee00ee75390517f8c049dcad3e73a8c588a2709aa8ed37be0d3bbf28e6c936d
                                                        • Opcode Fuzzy Hash: 4bdbf3fd109166dca6efb46693068b1c67164ba658f62f0a37e7fbe1c2068875
                                                        • Instruction Fuzzy Hash: 3B21DD3292A3A45FF7027BB899302EE7FA28E82110B054887D1818F293D924494987EF
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0bdec713f7ab114e7b3b4db3e3cde8ac071809acf6bdeb720446a36f9666dd22
                                                        • Instruction ID: aa96ae2019fb32ce017e7edcfff08548ee5c6db09d4da26347e9833db781cfaa
                                                        • Opcode Fuzzy Hash: 0bdec713f7ab114e7b3b4db3e3cde8ac071809acf6bdeb720446a36f9666dd22
                                                        • Instruction Fuzzy Hash: 763190317006109FD714EB79D848A6E7BFDFF89625B118569E40ACB3A1DB30DC42CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5d8fe9af8f9d88b5565455958b27bc51025025fa39ab4f15d66aa56390e1c87a
                                                        • Instruction ID: f1d40f72b5ae083655a82e1de889a6912c65388907b8d3191c339fb8831e17c5
                                                        • Opcode Fuzzy Hash: 5d8fe9af8f9d88b5565455958b27bc51025025fa39ab4f15d66aa56390e1c87a
                                                        • Instruction Fuzzy Hash: F5412675E09208DFDB11AFA5D9949ADFFB2FF88300F224158D5417B256CB3198A1CF41
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c3ed675dbe296f4fa3f61ff1cec5e6682a72dfc8e9f995346dc4ca1928be4fb8
                                                        • Instruction ID: 437be5af2c036ebf02da51e254b8e46bf102678cda49e7c0f57beac4779d0f5a
                                                        • Opcode Fuzzy Hash: c3ed675dbe296f4fa3f61ff1cec5e6682a72dfc8e9f995346dc4ca1928be4fb8
                                                        • Instruction Fuzzy Hash: BC314A75904209AFDF10DFA9D884ADEBFF5EB48350F10842AE409A7310D774A940CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5bfe1299acaba82b976b07bf005047bf10f654c4570961a396068f1d864893f7
                                                        • Instruction ID: 64058585bfd7c6bb5d9154f05b1fbda952f0192eebbcde8784e1cb48edaf6b8d
                                                        • Opcode Fuzzy Hash: 5bfe1299acaba82b976b07bf005047bf10f654c4570961a396068f1d864893f7
                                                        • Instruction Fuzzy Hash: A5315C356002149FDB04EFA4C984AEE7BF6EF89305F1580A9E905AB366DB35ED05CB90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f8305f262ee941872538782e0410fe237850b37ad1d85ea75d6863c98ce6d1bf
                                                        • Instruction ID: 11401c2adf622325f14454c7883b2e40bd2c9fa124a4c459098ef9453300b569
                                                        • Opcode Fuzzy Hash: f8305f262ee941872538782e0410fe237850b37ad1d85ea75d6863c98ce6d1bf
                                                        • Instruction Fuzzy Hash: 4731C570E14104CFE784ABD4D4507AEB7B2EB89314F149499E606AB342CB76DD42CF92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: db2377349b43bbcaf481fdd56446e5da158e42b6104d3e96b20e2baf30b4f2d3
                                                        • Instruction ID: 850bdc158b51ea61e6b0bf5b17ff523364541dfee06db3bc41beae5f31ddd0ee
                                                        • Opcode Fuzzy Hash: db2377349b43bbcaf481fdd56446e5da158e42b6104d3e96b20e2baf30b4f2d3
                                                        • Instruction Fuzzy Hash: 5331D474B102149BEB54FBB99808A7FB6F7EBC4211B104929E51ADB380DE349D0187A2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2819f97ab183789cecbdb530e7970d7fce1e825422b255a2480feefec756f01a
                                                        • Instruction ID: 4c1811752fad4e7b44dba09c8e30d92cf18b960e46e15890a9a1e2eb5b904022
                                                        • Opcode Fuzzy Hash: 2819f97ab183789cecbdb530e7970d7fce1e825422b255a2480feefec756f01a
                                                        • Instruction Fuzzy Hash: 4E316370B34109DFEBD0BBD5D550A7E77B1EB89345B104425F716AB341DA7889028BE3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3efb3eaee76595ac8f874548c7aa364aa76f9d715cfb26b4f9461b1a017cf04f
                                                        • Instruction ID: 7bf7b9b9aabb085bc9d466f6a36cefb502364ed0d1e6eee4d243871ceaeb3fcb
                                                        • Opcode Fuzzy Hash: 3efb3eaee76595ac8f874548c7aa364aa76f9d715cfb26b4f9461b1a017cf04f
                                                        • Instruction Fuzzy Hash: 13318370B38105DFEBC0BBE4951097D77B2EB89345B104466F716AB341DB3849028BA3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 456f40cf5d5a41e82fc22e171d49250a18e325d21c1fd6dd86770878c79d5fe2
                                                        • Instruction ID: d7359b0117b5fa2ee08bd9c4469665ad72bdf5dd50d6d4bc37bba06dacb64840
                                                        • Opcode Fuzzy Hash: 456f40cf5d5a41e82fc22e171d49250a18e325d21c1fd6dd86770878c79d5fe2
                                                        • Instruction Fuzzy Hash: 6931AD34B00215DFCB55EF69C840A6EB7EAEF8920AB24446ED806CB361DB31DC01CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 526935479aefb9522a97d85a5d6ef41df0d079827759a0903852b500c3abcfe4
                                                        • Instruction ID: a30d3910926b0824d53c454ff9e144cd47ffd1831146046b1e8e2ca23ce6ffe9
                                                        • Opcode Fuzzy Hash: 526935479aefb9522a97d85a5d6ef41df0d079827759a0903852b500c3abcfe4
                                                        • Instruction Fuzzy Hash: F7318F34B002119FCB55EF69C880A6EB7FAFF8521AB24446ED906CB261DB32DD01CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0058af97d6594dda488ec3272643ac36dcd9c57107c1781c40a37e8abcad4e05
                                                        • Instruction ID: 14d1a8a52434df7a4defc7d06e5be5a5b018396f78828677f2c28dd6f16957ac
                                                        • Opcode Fuzzy Hash: 0058af97d6594dda488ec3272643ac36dcd9c57107c1781c40a37e8abcad4e05
                                                        • Instruction Fuzzy Hash: 8A310939A10219EFCB04EFA8D885DADB7F5FF88705F1185A9E905AB361C730A804CF90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d43cea0fcc9ecc79cbf225e05447e07c77de6e2ab0f1ae6bd18f3d99926b34e6
                                                        • Instruction ID: 9263267af2e9369d32f37f80db4f64102e68111d9bbe8f7ff6c1323eb518897e
                                                        • Opcode Fuzzy Hash: d43cea0fcc9ecc79cbf225e05447e07c77de6e2ab0f1ae6bd18f3d99926b34e6
                                                        • Instruction Fuzzy Hash: D0212FB1B2411ACFDB94BBFAE81866E77B6EF85742B105425E603DB340DE754C018BE2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b35b7ff9269f4d6895ee83cb5a54a52cfacf4134d50d8e1034cb0ffb547e79bf
                                                        • Instruction ID: 2c54f2ac1a7a4eb65207d0961c8df03f95334648445f7c513a7eb16e5ae641d3
                                                        • Opcode Fuzzy Hash: b35b7ff9269f4d6895ee83cb5a54a52cfacf4134d50d8e1034cb0ffb547e79bf
                                                        • Instruction Fuzzy Hash: 21315C75904349DFDB10DFAAC844AAEBBF4FB49310F10846AE819A7341D774A941CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 600909b3d05786485d2737267104948a6f013bd5a1f72928ded5d1c30ee6601f
                                                        • Instruction ID: a51db12df33c4baf837bddbb93fba1986926cb4b597f3f08c2c089b9fa03540a
                                                        • Opcode Fuzzy Hash: 600909b3d05786485d2737267104948a6f013bd5a1f72928ded5d1c30ee6601f
                                                        • Instruction Fuzzy Hash: EE21F53AB006108FEB24DB29C89157E77EAEFC4315B28846ED547D3794DA34ED818BA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e851fb8027893d7288a8d226fe0bba1daabdf7c5e39474d16b8ff01c3a220f79
                                                        • Instruction ID: c00573899c5bd6c66d028c8fab591f385ac85d0632e4ba3b5633c6d86ec74f36
                                                        • Opcode Fuzzy Hash: e851fb8027893d7288a8d226fe0bba1daabdf7c5e39474d16b8ff01c3a220f79
                                                        • Instruction Fuzzy Hash: CE31E5B4E212099FDB44EFE8D8845EEBBF6AF48310F104465E605E7250E7359A518FA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: faa0d79757fe730cac7890f5bdce5b58333def4cbb743d4fff2361c15cddfa5a
                                                        • Instruction ID: e716a38ea6831ae5ab38d4e486381fe644626f05a252fad22edaa10245e37de3
                                                        • Opcode Fuzzy Hash: faa0d79757fe730cac7890f5bdce5b58333def4cbb743d4fff2361c15cddfa5a
                                                        • Instruction Fuzzy Hash: 282152B5A24119CFDB84BBFAE81866D7BB2EF85342B105426E607D7340DE744C0187A2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: faaf15bd97b883523dd814f0508a4ac3c9314bf4a66c3416a9cfcedf74fffce7
                                                        • Instruction ID: 4136d09c8f02f1b24cdcad0cd5c67623dc744d0b5abba2fa2ea2af7ca3a9a6c1
                                                        • Opcode Fuzzy Hash: faaf15bd97b883523dd814f0508a4ac3c9314bf4a66c3416a9cfcedf74fffce7
                                                        • Instruction Fuzzy Hash: 31219C31B28204DFE79877D9D81077672F6EBC4350F24C86AF2039B695CA719C028BA3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9695ba7d8be8925fa2e058cd6dbe035dadebd4f8aaaf6159a82c929ee307c2a9
                                                        • Instruction ID: c8bb8e76e639fb2b464ce1b7b81df02bfb43e447679c34de47d6852ee7c45e46
                                                        • Opcode Fuzzy Hash: 9695ba7d8be8925fa2e058cd6dbe035dadebd4f8aaaf6159a82c929ee307c2a9
                                                        • Instruction Fuzzy Hash: 0031D470E18104CFE784BBD8D4507AEB7B1EB85314F1494A9E616AB342CB76DD02CF92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c2cbf32c78fbb5f68983d96bbffff2bee4fd7df01ba811b291efc60afa22a96a
                                                        • Instruction ID: 2294c19391b15ad45383f99f97f5ce8efe3cfb40f264e651c0b63a18520d399d
                                                        • Opcode Fuzzy Hash: c2cbf32c78fbb5f68983d96bbffff2bee4fd7df01ba811b291efc60afa22a96a
                                                        • Instruction Fuzzy Hash: 1E2101393002108FD715EB29D840F5A77A6EFC4315B1A856EE446CB365DF31EC068BD5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 01d8de4267250d42b64b25edd22043973d71e39f91d27db32c6abfced5757d71
                                                        • Instruction ID: 35bf4909542e7eace52caf545f4c7bd562b948dabb38468f0bcbaa61b1ff17e1
                                                        • Opcode Fuzzy Hash: 01d8de4267250d42b64b25edd22043973d71e39f91d27db32c6abfced5757d71
                                                        • Instruction Fuzzy Hash: 5D21F33A7106108FEB24DB69C88157EB7EAEFC4329B28842DD147D3794CA34ED8187A1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d7f75424dfe6a45376148c496e219c0c402ae4028266cce0601998a564442309
                                                        • Instruction ID: 4639cc76495cedbd388fcc33dfc2805b9a6401c3fa48614beef80e62cc50fd48
                                                        • Opcode Fuzzy Hash: d7f75424dfe6a45376148c496e219c0c402ae4028266cce0601998a564442309
                                                        • Instruction Fuzzy Hash: 31210A30E20205CFDB657FF4C8A41ADBB71EF41204F50496AE6866B246E731D914CBF6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: af5c210136fa7f47488eaa93113945b79f0174b4dd8424fc937490b3e4dae08b
                                                        • Instruction ID: 1af1ae1d4384949f85b74ce1ce21a4d7b04cabd8136dd7e7274247af063e64ef
                                                        • Opcode Fuzzy Hash: af5c210136fa7f47488eaa93113945b79f0174b4dd8424fc937490b3e4dae08b
                                                        • Instruction Fuzzy Hash: 7F21AE71B28200DFE7957BD9C81067673F2EB80350F1584A6F2025F695CA719902CBA3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b2e8aa657f7b8980c0695cddb10668552e99fa912da9bf72bbf9490fd718795a
                                                        • Instruction ID: 2b40ab8a3ae1ab907a2c7de9cd623ef8c513651a6d6fd801b47de65574724078
                                                        • Opcode Fuzzy Hash: b2e8aa657f7b8980c0695cddb10668552e99fa912da9bf72bbf9490fd718795a
                                                        • Instruction Fuzzy Hash: 47213B34B00615CFDB00EB69C454AAEBBF6EF88301F15415AE50ADB361DBB09D85CBD1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e09cfdd9e1f131ff8ae1aaf41d68ba3fa0d4ade232bfb51ac64235aa97453503
                                                        • Instruction ID: 17334f3a3612c6fb8a3ea587ae1565e5f5da774fd6003fea2541cdd3097bd434
                                                        • Opcode Fuzzy Hash: e09cfdd9e1f131ff8ae1aaf41d68ba3fa0d4ade232bfb51ac64235aa97453503
                                                        • Instruction Fuzzy Hash: 7C219235E106198FCB50EFF8C4446ADBBF0FF89310F00416AE919E7250EB309A45CB92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378154113.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_e2d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9a92eaa95cb679c3af3a2f25e95de1761bb1dc52e8398e030555a69a61b80f1f
                                                        • Instruction ID: 067159e7719323a8be86c54210f216294b5c94449468b1aa28cddccae6b9f7ed
                                                        • Opcode Fuzzy Hash: 9a92eaa95cb679c3af3a2f25e95de1761bb1dc52e8398e030555a69a61b80f1f
                                                        • Instruction Fuzzy Hash: 58210672508344DFDB05DF50ECC0B6ABB65FB88314F24C569EA051B266C336D816CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378154113.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_e2d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 46e06354eeb437be87f3b1d0bde51297261b718f08e399c99269dde68d235e76
                                                        • Instruction ID: f89c57eaf81e926c60e30478dd398db1c80c1d300164991215e53e5a2a70c6db
                                                        • Opcode Fuzzy Hash: 46e06354eeb437be87f3b1d0bde51297261b718f08e399c99269dde68d235e76
                                                        • Instruction Fuzzy Hash: 9D213371548240DFDB01DF10ECC0B66BB65FB88318F34C569EA091B246C376D856CAA2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d5b4e0d16b0d112a37fa1a8e5ecfa78bd51bc4958f546c0ac901cfc225525f9a
                                                        • Instruction ID: 640dce895243904292db26e034213a876776ceaf93266bb04597ddc2e84195ba
                                                        • Opcode Fuzzy Hash: d5b4e0d16b0d112a37fa1a8e5ecfa78bd51bc4958f546c0ac901cfc225525f9a
                                                        • Instruction Fuzzy Hash: B02108343007008BE728BB759454A3A73EAAFC965EB14486CC956DBB94EF76E842C790
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 60f35a9f9e3fa833ccbece65170e1888e4f51111d292f3aa6d90a08bd5ded0a2
                                                        • Instruction ID: 7a7a855d0e809e094c7361fff687368320aad3565dccc33e5f9e5019148b08f7
                                                        • Opcode Fuzzy Hash: 60f35a9f9e3fa833ccbece65170e1888e4f51111d292f3aa6d90a08bd5ded0a2
                                                        • Instruction Fuzzy Hash: 8B21E771A1E3819FC7836BB4DC645957FF0AB4324071A04D7E195DB1A3E1A84918CBA3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c57e72eec6833dad6e8009d73e68cf8d4688b6d10664f23870723730e3f2465c
                                                        • Instruction ID: e872a9b19f1bf3552d12e5b61cffbb9adcdacce63bc5cf570859a56e596223e9
                                                        • Opcode Fuzzy Hash: c57e72eec6833dad6e8009d73e68cf8d4688b6d10664f23870723730e3f2465c
                                                        • Instruction Fuzzy Hash: 0C21D135600205DFCB14EF69D4846AAF7F6FF8431AF10C829E819AB250E735E954CB90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378313900.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_e3d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 837c3f791f6c1881aaf90d5233946e068246417f1b0a83925cd4a2c52ff2e170
                                                        • Instruction ID: 5c8ad8a2d4aaae708947f41c851b68a6266128499b6dc1c9153f94ff6c03261a
                                                        • Opcode Fuzzy Hash: 837c3f791f6c1881aaf90d5233946e068246417f1b0a83925cd4a2c52ff2e170
                                                        • Instruction Fuzzy Hash: 32210471508344EFDB05DF50E9C8B26BFA5FB84318F24C5ADE8095B2A2C736D856CA61
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378313900.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_e3d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 96df8984faa96727e1773702cb63e671b453f8c92c9ed607e85b7357b92fc263
                                                        • Instruction ID: 1f244adb1cc3c0a9c6e63be9a437ebad41f685dbe665984db59209cf0bdd6b78
                                                        • Opcode Fuzzy Hash: 96df8984faa96727e1773702cb63e671b453f8c92c9ed607e85b7357b92fc263
                                                        • Instruction Fuzzy Hash: 9B21F571508344DFDB18DF10E9C8B16BF66FB84718F24C569D84A5B296C336D847CE61
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 10dcc78a88ee19e8d35440e6ab7eb10b987225cba1eb48c148cce8a13a14c062
                                                        • Instruction ID: 0c0d8e19366cb81dcd6f373d1e9a7e04a4fab162a8d9cdaba74203f98356fa76
                                                        • Opcode Fuzzy Hash: 10dcc78a88ee19e8d35440e6ab7eb10b987225cba1eb48c148cce8a13a14c062
                                                        • Instruction Fuzzy Hash: 4D11967656F3E02FEB43BBA898701DE7FA19E5316470998C3E1918A063E414584ED3EF
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 221915256b0eae277862945807e45dc8b5c6d45e7c86d3df2271eff113438bfd
                                                        • Instruction ID: e34ff73698cedf117fe9172d8a03e594b32f74506684513de3077d8f0b00271c
                                                        • Opcode Fuzzy Hash: 221915256b0eae277862945807e45dc8b5c6d45e7c86d3df2271eff113438bfd
                                                        • Instruction Fuzzy Hash: 6221F8B4E202099FDB44EFF8D4946EEBBF1AF48310F108465E505EB250E7359A518FA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cd0673531e8a92f5bd606718751b6c6fc41c86b3dc6d0e08ec67c8b29494cee9
                                                        • Instruction ID: e76c689038d16b056c3d5a4fbde18c0703b3100ad0d09ab0ec0866a3bb6e5f0f
                                                        • Opcode Fuzzy Hash: cd0673531e8a92f5bd606718751b6c6fc41c86b3dc6d0e08ec67c8b29494cee9
                                                        • Instruction Fuzzy Hash: 34214C75A102058FCB44EFA9D8849AEB7F9FF88210B104279E905E7315EB30E945CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 38c32952026080dc3fa6da3e811ffb3d0087bae83ec239e9962dc7a6078c79d8
                                                        • Instruction ID: 41506797183e131becbd0ac72fce393b82101ec8d55ba33b2ef86ae8f455067e
                                                        • Opcode Fuzzy Hash: 38c32952026080dc3fa6da3e811ffb3d0087bae83ec239e9962dc7a6078c79d8
                                                        • Instruction Fuzzy Hash: E2211275E102058FCF44EFA9C8948AEF7F5FF89310B118669E905B7315EB30A945CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7dba444dc4e48babdcb5729e5051db53538f00b720c6d07f36c028c40e505eba
                                                        • Instruction ID: 2fc8abd9320783a9d6ffe4c662578bd1617d0007b1e0f0248e5294913be780fd
                                                        • Opcode Fuzzy Hash: 7dba444dc4e48babdcb5729e5051db53538f00b720c6d07f36c028c40e505eba
                                                        • Instruction Fuzzy Hash: B11194317005108BDB18676EE45486DB7DFFFC462BB14447AE11ACB760CF25EC428B80
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: dbc00aa3aa6d77560db1e82deb148a4d6639e6ca0ba6f82e60f43a813e51f730
                                                        • Instruction ID: 434586b092502af09f22e443033c48a3a3cd1bbb3b71fad141b13e6b318153bc
                                                        • Opcode Fuzzy Hash: dbc00aa3aa6d77560db1e82deb148a4d6639e6ca0ba6f82e60f43a813e51f730
                                                        • Instruction Fuzzy Hash: DB11C175B00925DFCB14EB6AD884D6E77EAFFC86517018569E905DB321DE31EC018BD0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2f2f150603f04c2cae287b3f5006bc1b85a610bce000dec3cc39ac0d034d2d04
                                                        • Instruction ID: 3da4bc9a9cf7c8650f75c4079bb67e8feaaaf5a07bbae9aaeae1d8477043292e
                                                        • Opcode Fuzzy Hash: 2f2f150603f04c2cae287b3f5006bc1b85a610bce000dec3cc39ac0d034d2d04
                                                        • Instruction Fuzzy Hash: EF31DDB0C01658DFDB20DF99C988B8EBBF5AB48314F24846AE408BB241C7B59845CFA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: affdec125c765e9badc232d496f95c3e2cf82161eb92a0152030231bc2e3194f
                                                        • Instruction ID: 59c5aa991c64e03751b7b8a423a79492f069e744e59bed916d3995f2cf32488e
                                                        • Opcode Fuzzy Hash: affdec125c765e9badc232d496f95c3e2cf82161eb92a0152030231bc2e3194f
                                                        • Instruction Fuzzy Hash: D411067092DB44EFE7D1B7E4A8006653BF59B42244B1440FBF3768A142C33FA80286E3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 06f5e239577dcd3fdec1d0a6ab0106965f7e4018cf93f587224cd29c8f6b3131
                                                        • Instruction ID: 59e7ed3b9981f70fcf06d554c34e143b484216899d343c4dddcaa7c2978e54ca
                                                        • Opcode Fuzzy Hash: 06f5e239577dcd3fdec1d0a6ab0106965f7e4018cf93f587224cd29c8f6b3131
                                                        • Instruction Fuzzy Hash: 2521E5B5D013099FDB10DF9AD584A9EFBF8FB48314F24842EE519A7340D375A944CBA4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 54dc6332989a69a2ab686a41d5be7529c29d1adda6488c9e097de588136142b4
                                                        • Instruction ID: ab54a10e78044fe058526ba13549cc45559a9de546a99297e9a49c2ffba1edad
                                                        • Opcode Fuzzy Hash: 54dc6332989a69a2ab686a41d5be7529c29d1adda6488c9e097de588136142b4
                                                        • Instruction Fuzzy Hash: 6821F575A002189FDF08EBA8C855AED77F6BF89705F214068E501BB3A0DB759D01CBA5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: be439e0e9683ea2e6ddcfd705d44484511545369a063048cf8ccdfa08edfd584
                                                        • Instruction ID: e048e3ca56a3796e72e7ec541cf7b110198ccda0991488798b838b5c3f72e017
                                                        • Opcode Fuzzy Hash: be439e0e9683ea2e6ddcfd705d44484511545369a063048cf8ccdfa08edfd584
                                                        • Instruction Fuzzy Hash: 4B11BF763006109FDB14EB28D884E6E77EAEF89655B15456DE006DB360DF31EC01CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 04d2d0c871a44744a46c000e799b767b26a4898ede7c4eb293b5e67c2df00b33
                                                        • Instruction ID: 4557dbf470904807a8b1e049520c7c2f45c5e3ab476780c7bf6ea0b7478d0cea
                                                        • Opcode Fuzzy Hash: 04d2d0c871a44744a46c000e799b767b26a4898ede7c4eb293b5e67c2df00b33
                                                        • Instruction Fuzzy Hash: EE21BDB4C01718DFDB20DF99C984B8EBBF5AB48314F24806AE409BB290C7B55845CFA5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 57b5c1926976529f0274c437fa219c4ea889cfda84f2f6792c72ddeed1eeded8
                                                        • Instruction ID: 9ca4b0607549b0a6266479f451777f60dccdf5465286f8531d719805290a0e6a
                                                        • Opcode Fuzzy Hash: 57b5c1926976529f0274c437fa219c4ea889cfda84f2f6792c72ddeed1eeded8
                                                        • Instruction Fuzzy Hash: 6621E0B5D013099FDB10DF9AD884A9EFBF8FB48314F14842EE419A7340D379A944CBA4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b343fc318568010790ea3d79a993d5dbe84c345670feb4ac556e00ea1eedd497
                                                        • Instruction ID: 5d9aacbc53cfec593df3ce8f629f666aae0e3800d57679ea492d27ebd7695094
                                                        • Opcode Fuzzy Hash: b343fc318568010790ea3d79a993d5dbe84c345670feb4ac556e00ea1eedd497
                                                        • Instruction Fuzzy Hash: D7213030910608CBCF14FFA8C9556DEB7F2AF4A300F10866DE5467B250EB75AD48CB92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378313900.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_e3d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 793dc1a7373e407b94410a2c092a9ba6639665b9184d7d370ae40f088c20b979
                                                        • Instruction ID: 14ca4ec35ab58029b0c6efd096e83b979b3d83245d916f7d777f47ec06edd606
                                                        • Opcode Fuzzy Hash: 793dc1a7373e407b94410a2c092a9ba6639665b9184d7d370ae40f088c20b979
                                                        • Instruction Fuzzy Hash: C421837550D3808FCB06CF24D994715BF71EB46314F28C5DAD8498F6A7C33A980ACB62
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c73be65ed5eff0d410cbdb1739b2b5c2d120b8e631f096c38ba504dd5af1354e
                                                        • Instruction ID: cdb1c23054a16e2a7a0fd52867ae6ddf912df648b41b5241cadcc34cccd5dff9
                                                        • Opcode Fuzzy Hash: c73be65ed5eff0d410cbdb1739b2b5c2d120b8e631f096c38ba504dd5af1354e
                                                        • Instruction Fuzzy Hash: EC119AB2D00209DBDF14ABA8D4586EEBBB5EF88312F14853AD8017B280DB755944CBE0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f24f03ff3f04471fe3260b1f3bc63864c871582b576cbe40572ab41bdf0d0c8b
                                                        • Instruction ID: 332f851349212b2d631338df0adc4710d80a475925650e4429130b41a3636ce3
                                                        • Opcode Fuzzy Hash: f24f03ff3f04471fe3260b1f3bc63864c871582b576cbe40572ab41bdf0d0c8b
                                                        • Instruction Fuzzy Hash: AA21F735A00118DFCF48EBA8C854AAD77F6FF89305F214468D401BB3A1DB759D01CBA5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0d44e42d1ca1edae79b348269d21c5c1757547fc6b2499a41780e1861eb9c9a9
                                                        • Instruction ID: 8cea3c155e47afa7ddc63ac2478296f7c95420716f927bf936f1ba6b1834dedb
                                                        • Opcode Fuzzy Hash: 0d44e42d1ca1edae79b348269d21c5c1757547fc6b2499a41780e1861eb9c9a9
                                                        • Instruction Fuzzy Hash: 72115E763006109FDB04EB68D884E6EB7EAEF89655B15456DE506DB360DF31EC01CBA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6b8b381167e5105dd6dd035c84ddb379dfb85ff29e92a99bc517bfc1f0c7879b
                                                        • Instruction ID: f7c316825f487355ac4f1647eb8e3f210f16caa5caf7f70b713275e1474b839a
                                                        • Opcode Fuzzy Hash: 6b8b381167e5105dd6dd035c84ddb379dfb85ff29e92a99bc517bfc1f0c7879b
                                                        • Instruction Fuzzy Hash: 8511E072F00106EFCB917FD5D9145EEBFF0EB80341B2008A1E189B3281E27186348BD2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ec53dd15504e99e1f34f3fd0cb89baa308a6c69acc835662563325e5faab34d6
                                                        • Instruction ID: cef39d9f2b6ca6c178be3e69ac54329206ab85a4634d1d0537f4d7410e655940
                                                        • Opcode Fuzzy Hash: ec53dd15504e99e1f34f3fd0cb89baa308a6c69acc835662563325e5faab34d6
                                                        • Instruction Fuzzy Hash: 6721EAB5E002199FCB45CFADC8849AEBFF1FF89210B14816AE959E7311E7309901CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ed29246a7775b662164c3cb58fe1c3b78f966b8da13fcad11f443926b33f3d7c
                                                        • Instruction ID: 030cc6341b049387af4585127afdefdd9f9343e1e936cd227ab5e977ae0dff20
                                                        • Opcode Fuzzy Hash: ed29246a7775b662164c3cb58fe1c3b78f966b8da13fcad11f443926b33f3d7c
                                                        • Instruction Fuzzy Hash: 5D1182B0929205DFE3D9EBECB910265BBB5AB09344F04417AF619DB242DB74C941CBE3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 19975d5e31a2301eddca082bbaf45c1246e534ff404c2278d30c2200c4370efb
                                                        • Instruction ID: 7360fcac7d84da0a595e87c666d610c2a3b2d36bc4db65cf957b8d031b9732ed
                                                        • Opcode Fuzzy Hash: 19975d5e31a2301eddca082bbaf45c1246e534ff404c2278d30c2200c4370efb
                                                        • Instruction Fuzzy Hash: 6F113D71E102198BCB94EBE998106EFBAF6AFC8350B504069D515EB250EB328D01CBA2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7dd617c1c31b30146e059ae9012713924d892433faeb73f3ab186435e449ff56
                                                        • Instruction ID: 6bcce076ebafd49fc10f555fb1be9c3c6d67cc87c84f9d82d55c05328ff3d7d6
                                                        • Opcode Fuzzy Hash: 7dd617c1c31b30146e059ae9012713924d892433faeb73f3ab186435e449ff56
                                                        • Instruction Fuzzy Hash: 0421F175E0051A8FCF44CFACC4449AEBBF1FF48314B14816AE919E7355E7359912CB90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ed0f3fce447762d3f83fe3b809724bb44dbd52a3cb284b4bb8ab25cb50f7902b
                                                        • Instruction ID: a330134ca2f2adf2d63d554372e1c53528ef45c8a8f886f14342f8625fa0ae90
                                                        • Opcode Fuzzy Hash: ed0f3fce447762d3f83fe3b809724bb44dbd52a3cb284b4bb8ab25cb50f7902b
                                                        • Instruction Fuzzy Hash: F511C675B107458B8B55EBB88C405BFB7F7EFC42507254929D514DB341EF308D0587A1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378154113.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_e2d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5dce05a956da371322a9adc0a0d4b4c51a05561a1f56c2dd05ac87206c169886
                                                        • Instruction ID: 5fd09efbd0afa7e247c10f875d063c036c49bc491254223e6150b47981a6781a
                                                        • Opcode Fuzzy Hash: 5dce05a956da371322a9adc0a0d4b4c51a05561a1f56c2dd05ac87206c169886
                                                        • Instruction Fuzzy Hash: CB21AF76508240DFCB06CF50D9C4B56BF72FB84314F24C5A9DD091B666C33AD866CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5890db8ef27525cb5135fcd84409b66b3c88b29a77864abb49f02db0f3ef4f5b
                                                        • Instruction ID: 5602d00212e808c8a20da7e71bdc42cff5cb0172bf60ded957260afd29c2b254
                                                        • Opcode Fuzzy Hash: 5890db8ef27525cb5135fcd84409b66b3c88b29a77864abb49f02db0f3ef4f5b
                                                        • Instruction Fuzzy Hash: 262100B5804349DFDB10DF9AD884ADEBBF4FB48310F10842AE91AA7340C379A955CFA5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378154113.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_e2d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                                        • Instruction ID: a8cb352fefaabd4856de04c0ed0d61f638716bc95f8c15f6be3cf05a3e18a067
                                                        • Opcode Fuzzy Hash: f4ddf6aab7a4ec5fdcafc4d9db3305c30ac7726daeb53e4266b93089bec5e780
                                                        • Instruction Fuzzy Hash: F0110372408280CFCB01CF10E9C0B56BF71FB84328F24C6A9D9094B656C336D856CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6f965cc6277fa6750fe18a4e4d7c099e9449b10a84de0469e0cdc68cb351fb66
                                                        • Instruction ID: 0e3bb1b459c4861412a0806f4f6c0b1ac0797dd9a1a5f01fbc27ed47e4985d7f
                                                        • Opcode Fuzzy Hash: 6f965cc6277fa6750fe18a4e4d7c099e9449b10a84de0469e0cdc68cb351fb66
                                                        • Instruction Fuzzy Hash: 481102305002049FEB24EB6AC844B5A73FAEF85319F1059BDC401EB661DB31E88ACBD2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3f9c9a0e70c17520484a6ec57a33f0f619218933f8f72188fb08c5e3da68d17c
                                                        • Instruction ID: 7295de277c5535866acf5e02ba6d3afdd7b5f411d42465e12a856a75882ef186
                                                        • Opcode Fuzzy Hash: 3f9c9a0e70c17520484a6ec57a33f0f619218933f8f72188fb08c5e3da68d17c
                                                        • Instruction Fuzzy Hash: 7C012831300610CBCB24B71AE484A6E73ADEFC5616B1415BED605DB2A1CE76DC47C7E2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cc7b84fc650be65a18c1732c0f4f6b202655c2866913acd8cc81b6aab3accb2e
                                                        • Instruction ID: 3c9afe91058abf4f2ddfdd36aecabfc55a4f1d281370171354596803f6fdde53
                                                        • Opcode Fuzzy Hash: cc7b84fc650be65a18c1732c0f4f6b202655c2866913acd8cc81b6aab3accb2e
                                                        • Instruction Fuzzy Hash: 2011C3B1D006188BEB18DF9BC9443DEFAF7AFC9300F04C16AD5096A264DBB509468F91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ccd8954be313fb3560ea470a48d4c3362d1aaba50dcf1ed37faa1cd46bd755c9
                                                        • Instruction ID: 2fcdbfcf0750a0869a3e9a9af24e94ea46f0480f847038479ee1130cb9baefd5
                                                        • Opcode Fuzzy Hash: ccd8954be313fb3560ea470a48d4c3362d1aaba50dcf1ed37faa1cd46bd755c9
                                                        • Instruction Fuzzy Hash: 2211C2306002049FEB24EB65C844B5A73FADFC5319F1055BDD402E7661DA31E94ACBD2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378313900.0000000000E3D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E3D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_e3d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                                        • Instruction ID: fbc62eccb7a4d21a7a28aa729be1192ec680808055ceea3861565b1a70c231b0
                                                        • Opcode Fuzzy Hash: 0571d9b095afed8b546122286ae05565a289416437c47d1601190cbee81fcf2c
                                                        • Instruction Fuzzy Hash: 9B118E75508240DFCB15CF50D9C4B56BF61FB84318F24C6A9D8494B6A6C33AD85ACB51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 797d583dc48644ca9c3319e58d729d5e34956d6144c9a62f144ca4be8893447d
                                                        • Instruction ID: 58d85099218bc37ff54b90057db355219fe6882b84a1055f72ad8cb34f4922cd
                                                        • Opcode Fuzzy Hash: 797d583dc48644ca9c3319e58d729d5e34956d6144c9a62f144ca4be8893447d
                                                        • Instruction Fuzzy Hash: BF1189B5E0051A9F8B44DFADC9449AEBBF5FF88310B10816AE919E7315E7309911CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 07e84398fe1f50f09ec60d9d58acb4ee03f1806334b392ed55b459430ca3624f
                                                        • Instruction ID: 16aa390441b231044338e0166d6c34aa7b4d55573a0ec93a1433b2fda42fedd7
                                                        • Opcode Fuzzy Hash: 07e84398fe1f50f09ec60d9d58acb4ee03f1806334b392ed55b459430ca3624f
                                                        • Instruction Fuzzy Hash: 6B01497095C3849FD751ABA4E8206A8BF718F47341F048069E6014F252C776C84BC773
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 775785d787858059037700d70a86b0faf313362cef9b7236d9757c6408ef45ea
                                                        • Instruction ID: 6f477f7d490d8c9d298972627dcb7111c54ae7d45699cf8a99d2c9e13f5a559f
                                                        • Opcode Fuzzy Hash: 775785d787858059037700d70a86b0faf313362cef9b7236d9757c6408ef45ea
                                                        • Instruction Fuzzy Hash: DA118E74E0021A9FEB44EFA8CC416AEBBB1AF49314F104629D525EB290DB759946CBC2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: af189d6a2574c1f4588f1327dcfe9668bd12119ab227fc50c54dc6477359c575
                                                        • Instruction ID: bb2fd8aaca1579b8b47133abc267df72e2ae1a99bbc85e26aeb99c796e977c2e
                                                        • Opcode Fuzzy Hash: af189d6a2574c1f4588f1327dcfe9668bd12119ab227fc50c54dc6477359c575
                                                        • Instruction Fuzzy Hash: D3115E70905608DFDB10DF5AC888BDDBFF5BB98369F24C169E418AB290C7714580CF94
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b1437a877f0616e102d0ef028dc95410c94e96f185ce50e2371c1d8c02d09f01
                                                        • Instruction ID: a03e3247455ff30134333d38a608c4f395cb49aac0c9e3f8597c27a703b78479
                                                        • Opcode Fuzzy Hash: b1437a877f0616e102d0ef028dc95410c94e96f185ce50e2371c1d8c02d09f01
                                                        • Instruction Fuzzy Hash: AF112232E2474ACFCB00AF64C8442D8BB32FF95304F198A6AE0056B255D774A499CB40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378154113.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_e2d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a514a29cd8d8af50dbc43dbe0ae92253d8853c5174cdf0d6f91b4b34dc29a2af
                                                        • Instruction ID: 01f6a4822f27aa4a405b8ec0cca1a554c2a7fe68dc0ebc3918edb61c59e50a1a
                                                        • Opcode Fuzzy Hash: a514a29cd8d8af50dbc43dbe0ae92253d8853c5174cdf0d6f91b4b34dc29a2af
                                                        • Instruction Fuzzy Hash: 7801D63150C3549BF7109F26DDC4BA6BB98DF41324F18C56BEE096A286D67D9840CAB2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 0c0daadfef6db4546d079ff4f69219d3ec46c5347219ee7ee7c6a68575d2d40e
                                                        • Instruction ID: b35bcfa61726f27720fca7af6e7523fdd4a992bd3649579b3572467fa2f4bdf1
                                                        • Opcode Fuzzy Hash: 0c0daadfef6db4546d079ff4f69219d3ec46c5347219ee7ee7c6a68575d2d40e
                                                        • Instruction Fuzzy Hash: 2C016D393006008FDB19EA2DD451E6E73E6FFD4615B1A846DE546CB364EF31EC068B94
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fb23e2ace18e68c6536d34fb3a320f6b43ee1373497a5e39764b607f7d575035
                                                        • Instruction ID: 8e4fd62d6bf5bb84aab3544d7fd57fc1183efd55f5cabf4614017f13451c9ec5
                                                        • Opcode Fuzzy Hash: fb23e2ace18e68c6536d34fb3a320f6b43ee1373497a5e39764b607f7d575035
                                                        • Instruction Fuzzy Hash: A801F13291434A9FCF119FB4DC888D9BB36FF96304B14866AE04566111D770A49ACB90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 595316cc71a8a27bc6d7be5b11112f6bef77eba79a3448805e7227b72d3a4f1a
                                                        • Instruction ID: fd4f2b18bced7cb8dba1dbf26eb682b43841a90bfdd75fa35f023775b65c73b8
                                                        • Opcode Fuzzy Hash: 595316cc71a8a27bc6d7be5b11112f6bef77eba79a3448805e7227b72d3a4f1a
                                                        • Instruction Fuzzy Hash: 8D018CB0E0021A9FDB44EFA8C8517AEBBB1AF49344F104529D515BB394DB799A06CBC1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1495432a0b64d45da582ba6497a5b90d2c623a1bcc6d31e9a601a958ae93078b
                                                        • Instruction ID: 8970d0d34ecf1ad1ccb23ed97062b9026012792950ce42719283599386e3dfd5
                                                        • Opcode Fuzzy Hash: 1495432a0b64d45da582ba6497a5b90d2c623a1bcc6d31e9a601a958ae93078b
                                                        • Instruction Fuzzy Hash: DF01DA72D1020AAFDF50DF99D9459EFBBF8EB48310F10452AFA14F7241E730AA548BA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 753d2099ef19e7863c3d92b46b794d01b602e283cd674e889ca860508de2a8f4
                                                        • Instruction ID: 0a1a0e50cd052048f814d4501ee14172189cc44dd94304f3095e5765a08b224d
                                                        • Opcode Fuzzy Hash: 753d2099ef19e7863c3d92b46b794d01b602e283cd674e889ca860508de2a8f4
                                                        • Instruction Fuzzy Hash: B9F05033344518A7E92677DCF0403FC7B9CE7C033BF14055BD11EC25A0CA15998102C1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8d1e1dbe9b9be2b3d918962546ea5dcd871a1f7c2c21200a902bc86f54315d8b
                                                        • Instruction ID: 52e49375b0511f671fae23023c599e200ec8c405b16b2a115c20ab53a8640ce4
                                                        • Opcode Fuzzy Hash: 8d1e1dbe9b9be2b3d918962546ea5dcd871a1f7c2c21200a902bc86f54315d8b
                                                        • Instruction Fuzzy Hash: A8114574E0430ACFDB40EBA8C044BBEBBF2AF46305F1480AAD858AB391D7789541CF91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7ea5855f53859b29dddac67f9fda2a5b54795377d454ea76fddbcb4eef12f8e9
                                                        • Instruction ID: 88b7025c9b597e19e207976355be24ea610d15f6b2897fe013fc84fff8a4dff5
                                                        • Opcode Fuzzy Hash: 7ea5855f53859b29dddac67f9fda2a5b54795377d454ea76fddbcb4eef12f8e9
                                                        • Instruction Fuzzy Hash: A6012C7691011AABDB10DF99D841AEFBBB8EB48310F104126FA04E3201D6306A548BE1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5e9acce895c5f3705a74d1972ac4b4d74154a84a85a655676af8f1d361edd52f
                                                        • Instruction ID: ff29a6e645d11b16965f62d4dab377f692bb76c1a462b0e86bc8880dadb9f310
                                                        • Opcode Fuzzy Hash: 5e9acce895c5f3705a74d1972ac4b4d74154a84a85a655676af8f1d361edd52f
                                                        • Instruction Fuzzy Hash: 97F037383006048FDB19FA69D45196E77EAAFD465671A806DE986CB364EE31EC0287D0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 668606f67cf281738ecc7eab86d32d58aa88d86daee8cd8086df42cdd2315be5
                                                        • Instruction ID: 063aea7fdedf0817b3844117012e47b2893c822d91714bb28d88f5cf1513605e
                                                        • Opcode Fuzzy Hash: 668606f67cf281738ecc7eab86d32d58aa88d86daee8cd8086df42cdd2315be5
                                                        • Instruction Fuzzy Hash: 7B01D770901608DFDB14DF9AC84879EBEF5BB98365F24C169E818AB290C7758984CF94
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9bbf87afcea39d8065f0582b05c2622afe43978abb1927a1cc53e373dcf1f502
                                                        • Instruction ID: 55d1ebcd465d5cb467351a547a5faca992b24c32434383a62964932072f61e7f
                                                        • Opcode Fuzzy Hash: 9bbf87afcea39d8065f0582b05c2622afe43978abb1927a1cc53e373dcf1f502
                                                        • Instruction Fuzzy Hash: E6F0AF353002108FEB24AB29D444A5AB7FAEFCA724F100579E506D7332CA70EC068B91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 643b248d7afb30ff9527490acf0e21134c04ec3e0d22f5ff478affd4206a4db2
                                                        • Instruction ID: 70f317fe0ea1834bddb872579d78f8932550f1d43ac0433eb7f399f9e663a2b4
                                                        • Opcode Fuzzy Hash: 643b248d7afb30ff9527490acf0e21134c04ec3e0d22f5ff478affd4206a4db2
                                                        • Instruction Fuzzy Hash: AB01A9359147449BCB017F7CDC1049DBBB4EF97211B01436AE985AB350EB30E565C7D1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1f2ffb6711fc0c2f811223f49d5d66947a83c1466ebeda9b349b6f62634a9afe
                                                        • Instruction ID: c1312428c5abdb8cfc31382cf7310f59d05f1dd20f4cab16fad8830a4ddee30b
                                                        • Opcode Fuzzy Hash: 1f2ffb6711fc0c2f811223f49d5d66947a83c1466ebeda9b349b6f62634a9afe
                                                        • Instruction Fuzzy Hash: 93F06DB5304601AFD300EF5AD88092BBBE9EF89760700C829E95EC7711D631EC008BA4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 97005dc32649c472b2a811c99aec5c12b8f2a1772125a764d753c3f7ef2ca69d
                                                        • Instruction ID: 07e82b5be31c8589975948427b2637019632349d84e82256b3eca0e90e78003a
                                                        • Opcode Fuzzy Hash: 97005dc32649c472b2a811c99aec5c12b8f2a1772125a764d753c3f7ef2ca69d
                                                        • Instruction Fuzzy Hash: 38F049B5304640AFD714DF6AE880A6ABBE5EF99364B14C42AE49EC7721C671EC05CB50
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b76d2e00d39209acaa243936826612d6ab60e02f0ea601b82fd058046b273cec
                                                        • Instruction ID: 534e0ff349a270e7409347990b499ccf3608edb0341ef2f11941dd9968b7f330
                                                        • Opcode Fuzzy Hash: b76d2e00d39209acaa243936826612d6ab60e02f0ea601b82fd058046b273cec
                                                        • Instruction Fuzzy Hash: 16F024343006204BEF1A76A8D82A77E3BDAAB84B06F04041DDC16C7A81CB66D8428BC5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e5cea51936de9e36a951b0ca237c8812e2cf69d3a3688f98621f11f4473c0094
                                                        • Instruction ID: 94a4d206f0afbca474fd7e2a4fab66ee5df5e4d4cb12db71713f3e75c7611bee
                                                        • Opcode Fuzzy Hash: e5cea51936de9e36a951b0ca237c8812e2cf69d3a3688f98621f11f4473c0094
                                                        • Instruction Fuzzy Hash: 0A016D3291070A9BCF14AFA5DC488DAFB76FF99318F118629E10567210EB70A599CB90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 294ea7b91e3f276e2ac8d049b4e38d3f947273f9618ce389dd20c9b553add0c2
                                                        • Instruction ID: 1c5529feda08047da8e4b50665a357a9b474e23654d8b02793eab5e5611dd6d4
                                                        • Opcode Fuzzy Hash: 294ea7b91e3f276e2ac8d049b4e38d3f947273f9618ce389dd20c9b553add0c2
                                                        • Instruction Fuzzy Hash: BE0186319106298BCF04FBA9DC144DDB7B5FF89210F008525D61577250FF706619C7E1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3bf83aa517998c2a430ec7ada24013f0a68dbfa8c82a31d1094fa54a5fc78c19
                                                        • Instruction ID: ebdf6fdc14672fc899ffc16a8db585f3104d7538e14fb1b725bb8362763c2ac6
                                                        • Opcode Fuzzy Hash: 3bf83aa517998c2a430ec7ada24013f0a68dbfa8c82a31d1094fa54a5fc78c19
                                                        • Instruction Fuzzy Hash: 1DF0C8319146189FC710EB6AD880CDFBBF8EF85300700416BE60497321D730A945CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cebbe81f9bd7ba1dc716d4ac9f8d7ac0069e7f8a154bbb3bb0d114fb92df020e
                                                        • Instruction ID: f7dea969416ca09fd15bcb02af5b5581de2e09cdb883e135d9143a9e44e303e7
                                                        • Opcode Fuzzy Hash: cebbe81f9bd7ba1dc716d4ac9f8d7ac0069e7f8a154bbb3bb0d114fb92df020e
                                                        • Instruction Fuzzy Hash: B8016D35200650CFE310DB38D480F5E77E9EF89655F008869D546DB361DA31EC06CB90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f0eb15934e82585e9a4b951a68af3b262eb87c8cb0dcc6c9bbef9a30546fee50
                                                        • Instruction ID: 45985d725ae69f9af959f32294da2f1a9acd50c06b65a58be04b76c8bbb134bf
                                                        • Opcode Fuzzy Hash: f0eb15934e82585e9a4b951a68af3b262eb87c8cb0dcc6c9bbef9a30546fee50
                                                        • Instruction Fuzzy Hash: 8DF0B4F192DA84EFE3D27BE55C115243B70E95618134401E7F767CA612D56E680193E3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5a2579731e90692e43bc5531364a50ac6485e7c332c42697bb09e79c5ab3bcc1
                                                        • Instruction ID: 633513c9761d70e9cae737f5c33b5d36d5d22dea96ac8f5db53fa6daad262fc7
                                                        • Opcode Fuzzy Hash: 5a2579731e90692e43bc5531364a50ac6485e7c332c42697bb09e79c5ab3bcc1
                                                        • Instruction Fuzzy Hash: 62F0F631910618EBCF00FBA8D8145DEB7B5FF89310F01892AEA55B3250EF306919C7D2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 790fcf284ee409403ca7bba8885ee6645ac9dea12f0e31d9ea58ef8b93f7fe4d
                                                        • Instruction ID: 4257cdb8d87c277be416d6f01ae7aa5771e05f6357e5d134b6c7897f5ca62ce0
                                                        • Opcode Fuzzy Hash: 790fcf284ee409403ca7bba8885ee6645ac9dea12f0e31d9ea58ef8b93f7fe4d
                                                        • Instruction Fuzzy Hash: 87F090366042149FDB18ABB9F455A2E77EAEBC4316F108C3DE046C7350CF38A802CB95
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378154113.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_e2d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6040ed428a7d38745badd6a6779312ac8bd315323057fb81d92f50cf1a6c66d6
                                                        • Instruction ID: abcf7885ad51a3970b777dbc0462975445041005af65ea556eb179162f5bd536
                                                        • Opcode Fuzzy Hash: 6040ed428a7d38745badd6a6779312ac8bd315323057fb81d92f50cf1a6c66d6
                                                        • Instruction Fuzzy Hash: 64F062714083549FE7108F16DDC8B62FF98EB51734F18C45BED495A286C2799844CAB1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f54b5c417fe00ccaa8c21c07e6efa5baa867ec8f809bce1e544dc9952b42e764
                                                        • Instruction ID: 9a35f03aad9e70e9b5d4784030275c9ec575a7d16f7dff4421e5119199bde308
                                                        • Opcode Fuzzy Hash: f54b5c417fe00ccaa8c21c07e6efa5baa867ec8f809bce1e544dc9952b42e764
                                                        • Instruction Fuzzy Hash: 9AF09A343002108FDB24AB6AD444D5AB7FAEFCAB15B1005BEE506DB372DA71EC068BD1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 943710ee34766b5a384d470628a313070ee2d0900c8efa5cf72a5aa798d2d894
                                                        • Instruction ID: 6a43b0a3c141e2316347f3e18310d2716c914a6e75c325063b6c820a055d5328
                                                        • Opcode Fuzzy Hash: 943710ee34766b5a384d470628a313070ee2d0900c8efa5cf72a5aa798d2d894
                                                        • Instruction Fuzzy Hash: 5AF06235920A0897CB007F7DDC1089DBBB4EF96221B41832AE9856B250EB30E5A4C7D1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6e4de44fe2052da97539efe6c2127eeece56a2871c9f55e470eae5c0e78cbb80
                                                        • Instruction ID: bec2c1cb902f340fb5b5c3d4504c262a5e04edae6f9d4c6193ace2ca7294fdd0
                                                        • Opcode Fuzzy Hash: 6e4de44fe2052da97539efe6c2127eeece56a2871c9f55e470eae5c0e78cbb80
                                                        • Instruction Fuzzy Hash: 39F08231610304ABDB14EBEAE884A9BB7E9FFCA250B10453EE605C7205EF35EC41C661
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: edbe7722546af14a349a951ac656883931952bc82e854bf4277c4fd520e765aa
                                                        • Instruction ID: abe93dbc7f0202ebd03f796d5829c8ebc794722858bd792d0c1281d851c5adb8
                                                        • Opcode Fuzzy Hash: edbe7722546af14a349a951ac656883931952bc82e854bf4277c4fd520e765aa
                                                        • Instruction Fuzzy Hash: 9FF065713400145FA204A76EDC98C3BB7EDEFC9675715416AF509C73B1C961DC0186B4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3755a77f1e8784ac7bcfb4ee860b2a395b89ddf32fd3281e2d806ff42d2e2893
                                                        • Instruction ID: cf605eec8f31dea8dcc7a9dfdfbcf11f8b30210d1042c14fb09cae251f4a075c
                                                        • Opcode Fuzzy Hash: 3755a77f1e8784ac7bcfb4ee860b2a395b89ddf32fd3281e2d806ff42d2e2893
                                                        • Instruction Fuzzy Hash: 93F0822430061147EF2932B9842A77F3BCA6B8570AF44141DDD16C6A91CEA6D9458BC5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 51cb4172f451a2728d7c8de57e85b8a17ad5c2c1a41f2b4d52dfeb3aaa65644d
                                                        • Instruction ID: ae09b5197119049176a5bffcf7cced6175c9e523b4969752deeeb679b749eb2e
                                                        • Opcode Fuzzy Hash: 51cb4172f451a2728d7c8de57e85b8a17ad5c2c1a41f2b4d52dfeb3aaa65644d
                                                        • Instruction Fuzzy Hash: 3CF082397044149FCF08EB5EE484A2E77EBEBC9B10715005AE90AD7360CE35DD428B95
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fd8de6c35aaafa338060bd5e0ccea41314d8c065901d4e0dde2111bd4efec5e4
                                                        • Instruction ID: 49381beb9842f08982a2ac3e374a8ab835e1be028d5cb77879185e547898f497
                                                        • Opcode Fuzzy Hash: fd8de6c35aaafa338060bd5e0ccea41314d8c065901d4e0dde2111bd4efec5e4
                                                        • Instruction Fuzzy Hash: FBF0B431B101199BD748BBA8C5246AE76E6DF84700F50086ED5026B382CFB59D058BE6
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c037fa94e03773746d70a5b0ee84104f57b12876a78378f4d4c005be439f2457
                                                        • Instruction ID: 13a00b1970ad7c9ce8eb10e2ca7a35d98340df8da77bef6da9e76d511443cf7f
                                                        • Opcode Fuzzy Hash: c037fa94e03773746d70a5b0ee84104f57b12876a78378f4d4c005be439f2457
                                                        • Instruction Fuzzy Hash: F7F05E75B042149FDB18AB79E41552E7BEAEBC4316F10887DE04687340CE3498028BA5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8d195e9983aad3e3b8d35d4ef439dd2f5479ddbfcaeb22f1380a0626c32f4ce9
                                                        • Instruction ID: 17656df061aeb0dc5e3c01e4feda188a9759ad1d98c4101a4cdcf629567b808a
                                                        • Opcode Fuzzy Hash: 8d195e9983aad3e3b8d35d4ef439dd2f5479ddbfcaeb22f1380a0626c32f4ce9
                                                        • Instruction Fuzzy Hash: EAF04938600650CFE354EB38D454F5B73EAEF89265F00886DD54B9B361CA31EC06CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 573cb66fd75c1645968b7ff4b4a09d651b9399b8cf49dd1685ca9a3674f36c75
                                                        • Instruction ID: 4f148247392e02cb0c71063eea9556d21adb8962ebe50de4286fcb837bfcca92
                                                        • Opcode Fuzzy Hash: 573cb66fd75c1645968b7ff4b4a09d651b9399b8cf49dd1685ca9a3674f36c75
                                                        • Instruction Fuzzy Hash: 56F090B1D39209DFEB42EBF4E8955AC7BB1DF662407000092F146CA521E620D611DB42
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f6eec36e4ecc35f11a590b4c805b2bc0fe2110bf7e6369ca9e2c5c9222b29f47
                                                        • Instruction ID: 7efbc421cb96c10e94b86d560a17f21e7670667dafc5d717d6eda3ae1e768c2a
                                                        • Opcode Fuzzy Hash: f6eec36e4ecc35f11a590b4c805b2bc0fe2110bf7e6369ca9e2c5c9222b29f47
                                                        • Instruction Fuzzy Hash: 67F0A7726043159BDB00EF55ECC095BB7A8FBC9314B100525D51497205D772784587A0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6f8adea1c69a496e8a8648bd5cdd3d465a7c93bba62c15f366dd8dc859f34e39
                                                        • Instruction ID: 41555b5cc0ca73e527af7d717aa71ce0ab8df756fe5ac31c615079d9a71f72fe
                                                        • Opcode Fuzzy Hash: 6f8adea1c69a496e8a8648bd5cdd3d465a7c93bba62c15f366dd8dc859f34e39
                                                        • Instruction Fuzzy Hash: 75F06C313043445FE705A7B5EC54A7937E5EB45252F104866E402D7246DD28DC4687A1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e632ac6eb65459d104f1df0262cacc11e622c2a90bdba48a5e172d156059f388
                                                        • Instruction ID: 85ed7914e2a861264005c386903530b894ed2da9d5130a6497af2ba8f35eb988
                                                        • Opcode Fuzzy Hash: e632ac6eb65459d104f1df0262cacc11e622c2a90bdba48a5e172d156059f388
                                                        • Instruction Fuzzy Hash: 75E065397045145F4F19AB6ED44482E77EFDBC9B60311406AE90AD7360DE71DD028B95
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 33a85216bdbf0cad05808aba5208ee5a056251327b6509333cbb9ce3b157eac1
                                                        • Instruction ID: c40f817f10b5bebfd6e873200215219473d8a811fae4f4dbca2c3154222f06ad
                                                        • Opcode Fuzzy Hash: 33a85216bdbf0cad05808aba5208ee5a056251327b6509333cbb9ce3b157eac1
                                                        • Instruction Fuzzy Hash: 8AF0F9B0939106DFE7D4EB98F400665B7B1BB04345F048276B61A8E541DB74C840CB93
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ad952637c674582ae7decc39ad616510cbefd301244c15eb3de3b02eb92ee5ce
                                                        • Instruction ID: 296f0ffa0908b5e2ac525147a06e132f3ddd1c5a664ea31d676e7a8a9d397901
                                                        • Opcode Fuzzy Hash: ad952637c674582ae7decc39ad616510cbefd301244c15eb3de3b02eb92ee5ce
                                                        • Instruction Fuzzy Hash: A8F0DAB0D0430A9FDB44EFADD845AAEBBF4FB48300F1045A9D918E7340D77595408BD0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c2581a0e96a4874244b7ca652bec12e7e33efc8b7d270d308b04e8301139afc0
                                                        • Instruction ID: a9244f81f179581d3d13912f83f264afab317d2f7057b46937f174c32703911e
                                                        • Opcode Fuzzy Hash: c2581a0e96a4874244b7ca652bec12e7e33efc8b7d270d308b04e8301139afc0
                                                        • Instruction Fuzzy Hash: CEF0F4B0D0430A9FDB14EFA8C886AAEBBF4EB48304F108A6AD915E7341D7748641CBD1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 849ff7e2bf16e8e5281a010b67c8f723eb1339b852ad0bbb50aff2e6dc157888
                                                        • Instruction ID: e487850ae67ef63354b610913affc6773ee2e2bfda05ed765e7bbea693a961c5
                                                        • Opcode Fuzzy Hash: 849ff7e2bf16e8e5281a010b67c8f723eb1339b852ad0bbb50aff2e6dc157888
                                                        • Instruction Fuzzy Hash: C2F06D35310114CFC304EB5DE488E6977EAFBCD611B1681AAE909C7371CE75EC018B90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f4a0445c25b115d6ff0bab2faa3032747d1e670199eaafbce062b3504ef075ab
                                                        • Instruction ID: 754c42f7164dea1319aa53600d3e05626b4e491480be5edb6bbd3a1f44863472
                                                        • Opcode Fuzzy Hash: f4a0445c25b115d6ff0bab2faa3032747d1e670199eaafbce062b3504ef075ab
                                                        • Instruction Fuzzy Hash: E1E012337545288BCB10DF9CF8C14B9B3A9E748A6A3188C66E50CDB615F237D862C7C0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3759dba99839f84de0d92ed1613aaa7c6696c2d8946c28e8f3d19da56c183b42
                                                        • Instruction ID: d24d29e24d7e5d89037552f2a2e5da7bb20a7e8e6f6ddb45bdce604e80a8a7b6
                                                        • Opcode Fuzzy Hash: 3759dba99839f84de0d92ed1613aaa7c6696c2d8946c28e8f3d19da56c183b42
                                                        • Instruction Fuzzy Hash: 1CE09BB26043559BDB04AF55EC80897B769EBC53147100536D9156B306D7727C158790
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: eb513a709f4476d91d824111cf7ea7f9f90c4713413351ec60d4897bd79fbcb7
                                                        • Instruction ID: ecaa26132103608ea22bc818491eb6b8b6c6c53b31154d09a222783cdb12cae8
                                                        • Opcode Fuzzy Hash: eb513a709f4476d91d824111cf7ea7f9f90c4713413351ec60d4897bd79fbcb7
                                                        • Instruction Fuzzy Hash: 63F05E74E80245EFEF54ABB4DC4A9EDB7B1BF55342F008215F716662D0C7748825CB92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 81e41b125243a302e2678c11b6b6a56a9ad14c8c811abd10b891c777942b60a7
                                                        • Instruction ID: 9a782768656598efca7ca365aaee7539482d73111e9ab1a8d0f5d9baf7141165
                                                        • Opcode Fuzzy Hash: 81e41b125243a302e2678c11b6b6a56a9ad14c8c811abd10b891c777942b60a7
                                                        • Instruction Fuzzy Hash: 8DE065302412109FD7649B38D45069673D4AF09259F15446DE549CB251CB31E802CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e432c742fa85306df858dda072396d8f804eb633fa358e51eabd6b5c67d98650
                                                        • Instruction ID: 95c7a7d737aa1a496d6a47b94895efb63e3a7b3065af91afc4d178e6868e9549
                                                        • Opcode Fuzzy Hash: e432c742fa85306df858dda072396d8f804eb633fa358e51eabd6b5c67d98650
                                                        • Instruction Fuzzy Hash: CDE01231341324CFDB69AB79E4149E973D9EF4925AB1544BEE50AC7291CF31EC01CB91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 56efcc2b5dd641b4ac257606792c8d8596f37e0dca96d81887f1749fbc5d5e7e
                                                        • Instruction ID: 0c2198653bfbef85bc564f75f9fbe8bf74e2636b83f2f767ece81a327f0a0dcc
                                                        • Opcode Fuzzy Hash: 56efcc2b5dd641b4ac257606792c8d8596f37e0dca96d81887f1749fbc5d5e7e
                                                        • Instruction Fuzzy Hash: 5EF0A0A240C3D04FC303A7309C657127FF09F96101F4A84EFC8C6CB242E1289619D363
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4bcbb1d68a1e2c54192e04f0d2e694d8312edb0255d180f5ba0f78df056c0ca0
                                                        • Instruction ID: dd848d810d6e74e3830efd6ab7e30a95f64927651436e69d556d988e1ad4f9c5
                                                        • Opcode Fuzzy Hash: 4bcbb1d68a1e2c54192e04f0d2e694d8312edb0255d180f5ba0f78df056c0ca0
                                                        • Instruction Fuzzy Hash: 08E09234249340CFC32AAB38D4509167BE6AE4624130588FED05ACF762CA35DC85CB82
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f27d3f15e494734db520e7818837f591e70d36d7bcc5109cce29d019346ae92a
                                                        • Instruction ID: e4627e0b999c5289725dfdb176e89fb922bcd9884a0aea87fe16893a59ad1e25
                                                        • Opcode Fuzzy Hash: f27d3f15e494734db520e7818837f591e70d36d7bcc5109cce29d019346ae92a
                                                        • Instruction Fuzzy Hash: F1E01A393201108FC604EB6DE448C6A77EAEFC9A2171580BAE909CB361CE60AC028B90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: bfa89728692d056f4bf589c53b8da1c49a5856632956ba5c0bb1e60381a6a1f6
                                                        • Instruction ID: 4397c65447a005410e40de4f763f1e84785bbc741a40aedfddb2781fd5e561f9
                                                        • Opcode Fuzzy Hash: bfa89728692d056f4bf589c53b8da1c49a5856632956ba5c0bb1e60381a6a1f6
                                                        • Instruction Fuzzy Hash: C3E092316007509FC715BB14D454B5E37E8BF84716F12045EE486C7A60DFA49C528BC1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3a2be7bbd6d9bfe89de6f8b5b9c2ddb794a772c7d2c3e42d55f86a1381c52f70
                                                        • Instruction ID: 5034227edf4178c343090e27a684dfb1dcaa4661bde2bbfb442d8c427d58185c
                                                        • Opcode Fuzzy Hash: 3a2be7bbd6d9bfe89de6f8b5b9c2ddb794a772c7d2c3e42d55f86a1381c52f70
                                                        • Instruction Fuzzy Hash: 76E0C2323105110BC628BA0ED80097E339F9FC9A22B1A44FAE009CB762CD61DC0143D8
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 165c7d1f64ee0e3beb2cecd86856743f87a6cedfc14924bb565874479e7d0185
                                                        • Instruction ID: 49baab05f1b444932742cd645f643df3a2e02ab8643896c6b75ea1752bf7e740
                                                        • Opcode Fuzzy Hash: 165c7d1f64ee0e3beb2cecd86856743f87a6cedfc14924bb565874479e7d0185
                                                        • Instruction Fuzzy Hash: 1AE09A32A0060CEECB40EF28D980A997BE8AB09305F00C52AE508CA110EB30E2948FD2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 64612e9a65353d7d091518efa937c6b549a473c60713a9ff6176a6f1c32723e5
                                                        • Instruction ID: f61594ee595f13ca418ae9d07f65ff32453e7d8f40fe528dfb9f3f733385c82e
                                                        • Opcode Fuzzy Hash: 64612e9a65353d7d091518efa937c6b549a473c60713a9ff6176a6f1c32723e5
                                                        • Instruction Fuzzy Hash: CEE0DF75200200CFC329EF68D480A1573EAFB46355B1088BDE00A8B721CA72EC80CB84
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d944107f7b147610ae4386cec4930a7e86e15f3ad1cce30dc4512190ae557a06
                                                        • Instruction ID: da14acce5e15859bce4e19ae982271d66b1efc74f5b9e48fb6754af6e442485f
                                                        • Opcode Fuzzy Hash: d944107f7b147610ae4386cec4930a7e86e15f3ad1cce30dc4512190ae557a06
                                                        • Instruction Fuzzy Hash: 7AE08675649344DBC745F7A4E8D076F73D5DBC5660F440435D2098F349CA349C858BD2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 08c83ec3b0e7f51419d645ce72d389ca7d590fd3f0cb67de14b10ec41b5386b5
                                                        • Instruction ID: 6934a679209dd44196ab05b2eee285d969cb69bd50f2338e98666c2ab53f5520
                                                        • Opcode Fuzzy Hash: 08c83ec3b0e7f51419d645ce72d389ca7d590fd3f0cb67de14b10ec41b5386b5
                                                        • Instruction Fuzzy Hash: 0CE0C772300020AFC7016B28E840EE83FA4CFAA221B0140A6F809CF320CE218C13C7E2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f4d1c97edb096a7d45e1b662f9bb2a22af743daefdaafc3e8e6cfe4300daca3c
                                                        • Instruction ID: e639a10d515adfb2183e837c67eff627d0332087015a925d65654b972106159c
                                                        • Opcode Fuzzy Hash: f4d1c97edb096a7d45e1b662f9bb2a22af743daefdaafc3e8e6cfe4300daca3c
                                                        • Instruction Fuzzy Hash: 73E01271240224ABDB156E69D8557EA3BDCEF8569AF048029E845C6741CB349841CBD5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 06ca4560d1b94500217489454c119b68411d227cde1889f01958436e8f7e7d53
                                                        • Instruction ID: b48428d06965c312228e088422155613785ef3105cbcd108ce04ad527ea11edf
                                                        • Opcode Fuzzy Hash: 06ca4560d1b94500217489454c119b68411d227cde1889f01958436e8f7e7d53
                                                        • Instruction Fuzzy Hash: 3FE0203010E3858FE389A7E0DA105613B33EB4230431440CBD6429B583DB494C034BF3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d3f2add74ab027a4d310357d886d472d598fcbbbdbef281efc46e8ec61e3e6ab
                                                        • Instruction ID: e72e52e735e6b85b97610290feab6763c18b9359980f7591b02e0485abd9527c
                                                        • Opcode Fuzzy Hash: d3f2add74ab027a4d310357d886d472d598fcbbbdbef281efc46e8ec61e3e6ab
                                                        • Instruction Fuzzy Hash: 3FE02B3B9554108AD7A0DB44FEC2BE833D1FB88300F298C05F244C7454C529E5D28792
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7ba74fad3a0e13bff0adaa6bb2ccfad410cfb87ee5f16422352fbcbdf4320786
                                                        • Instruction ID: 769212e94c82a237f71e3a0861e3e7c888d6657cb87c345bbbd769a540e613b8
                                                        • Opcode Fuzzy Hash: 7ba74fad3a0e13bff0adaa6bb2ccfad410cfb87ee5f16422352fbcbdf4320786
                                                        • Instruction Fuzzy Hash: B2E09B741083458FE351A7B4D8156657771DF45204F14C4CA91968B293C630E80ACB52
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f51a34aaf71c5cee82d209fcd31b8c6d97bc71f7f43ac20ca6fed00d775daa2b
                                                        • Instruction ID: e8f7fe5fdd8b4e80f95b030eef1b0f8508eb30842343772860c44417fe6d2d67
                                                        • Opcode Fuzzy Hash: f51a34aaf71c5cee82d209fcd31b8c6d97bc71f7f43ac20ca6fed00d775daa2b
                                                        • Instruction Fuzzy Hash: 3AD02B375651108AEAA0E754ADC13C93381FBD8301F298C45F141DB044C42A99864192
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 65897809004258f268146b42bb20bd5d18d9c5d7abe3852a9552cebed3b073a6
                                                        • Instruction ID: 452199852a949b4d143f74d6a6b13f91913b84dba7454baa3aab0f7d50530255
                                                        • Opcode Fuzzy Hash: 65897809004258f268146b42bb20bd5d18d9c5d7abe3852a9552cebed3b073a6
                                                        • Instruction Fuzzy Hash: 9EE01234700B648FCB54B628D014A6E77D9BF8975AF01005DE946C7B60EFE4DC418BD5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3ccf1d62ad6098ffeb64cf37dd0e07fadef64690785b02c24e2088a0d9b3dba5
                                                        • Instruction ID: da8f88acafe555911f078c31e30ab3ae7e750a5a3f0c48635e2ed19b3c43f82e
                                                        • Opcode Fuzzy Hash: 3ccf1d62ad6098ffeb64cf37dd0e07fadef64690785b02c24e2088a0d9b3dba5
                                                        • Instruction Fuzzy Hash: 5DD02B323505244BCB067795E45533C3369DF84513F04001AF106C7390CF5C4D1243CE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b465d5326355f1f06544ad2ed11705dc9181b46d13d8970f324645de9daed5b2
                                                        • Instruction ID: 21f8ccfed54b70656fcf4d5f63bb76de993be96a49d2760f444731db48df1660
                                                        • Opcode Fuzzy Hash: b465d5326355f1f06544ad2ed11705dc9181b46d13d8970f324645de9daed5b2
                                                        • Instruction Fuzzy Hash: CAE0EDB5D41219DFD790EFB8C54965ABFF0BF08200F1185AAD526D7221E77486018F92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 56a85130ab578fd5055210e8332a46e610d09462d44fbc6371f856128845072f
                                                        • Instruction ID: 2450ffa0d8c74836a67e7874189bfef8ade413a328cdd40406b52ceb0c8c07aa
                                                        • Opcode Fuzzy Hash: 56a85130ab578fd5055210e8332a46e610d09462d44fbc6371f856128845072f
                                                        • Instruction Fuzzy Hash: 5DD012B062E20CEFA3C4B7D5D601A2636BEEB44704B104059B70696784EA756C010BF3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 236c520f392bc5b68da295e2791add4c897fdc37923af08e884a2513a5775a7a
                                                        • Instruction ID: 552aa104166c72fd59e532acbe6714ff5e89ea5ff682568c532c48b9eebe0f76
                                                        • Opcode Fuzzy Hash: 236c520f392bc5b68da295e2791add4c897fdc37923af08e884a2513a5775a7a
                                                        • Instruction Fuzzy Hash: DBD0123062C208CFF79433E26018B3BF2B5974020DB50035E738F895E8EA55985081E3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 9816c7aed8faf175257e40fcbe67dc1d822506108ba4e112b4b0bcc95b746ea4
                                                        • Instruction ID: 723f915d761e9d0f1f9a601a144b0ef704bab43b253c846e87426e74c0f5bdab
                                                        • Opcode Fuzzy Hash: 9816c7aed8faf175257e40fcbe67dc1d822506108ba4e112b4b0bcc95b746ea4
                                                        • Instruction Fuzzy Hash: 28D017B0A7C128EF63C0F7EAD8445F6F2B9A68B7413008883BB0F97600D961584067E3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e0c1f3ed69df636b86fc809274a1f282c3a3da274b8c832a0270f3a929b7638e
                                                        • Instruction ID: 0b5e912ae816bf54d879b3ff2b13c740e54cf2009deed68dd2ed61b57a9f6524
                                                        • Opcode Fuzzy Hash: e0c1f3ed69df636b86fc809274a1f282c3a3da274b8c832a0270f3a929b7638e
                                                        • Instruction Fuzzy Hash: CAD05B3530020857DB04DB74E898BF637E99B80A15F154459F806C7345EB74D9878590
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 24aade809795c7435d94a9645f1d55e97ae4de39b329640fdaf8dc832e123f01
                                                        • Instruction ID: 8b6dfbdfe9f0f73b1aae66c75cc7849aedc9302deb67af3a5c635b702127c72c
                                                        • Opcode Fuzzy Hash: 24aade809795c7435d94a9645f1d55e97ae4de39b329640fdaf8dc832e123f01
                                                        • Instruction Fuzzy Hash: E7E0C232204210CFE724BB69E440BDAB366FF82316F25446EE04A9B794C775DC42CBD1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2ebbee44fab9001bbde07f3aa6e67fb9be16e783f746604383f71395f7de486c
                                                        • Instruction ID: 442eea20f38738aa0eff7a78b3ba90625d8d09775a8dfefa5d4612c0caf8568a
                                                        • Opcode Fuzzy Hash: 2ebbee44fab9001bbde07f3aa6e67fb9be16e783f746604383f71395f7de486c
                                                        • Instruction Fuzzy Hash: C0E04671628065CEA3C4BBE6D4442FAF2B0A687701B00888BB71F56A00D66118406BE3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 556bc6323f19c57ea6ce56007f3bdd60ad259560b52f2fd6acdcb3d4452ca180
                                                        • Instruction ID: 971ef517e11825c9098def3c4b8ee9742a49a50066ad24554f8f04d997768a81
                                                        • Opcode Fuzzy Hash: 556bc6323f19c57ea6ce56007f3bdd60ad259560b52f2fd6acdcb3d4452ca180
                                                        • Instruction Fuzzy Hash: 0FE09270E19245CFDB16AFE4D440ADEBB727F80304B05855AF6615B162C731C815CBC2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 368355c2f98112392c4035d2eb66eaa46a046c0dc0e555849dcef8f8826c8307
                                                        • Instruction ID: 4e87af661daa68045e905a9300ac6b0037be556c5d6f19cce5702dbf407762cc
                                                        • Opcode Fuzzy Hash: 368355c2f98112392c4035d2eb66eaa46a046c0dc0e555849dcef8f8826c8307
                                                        • Instruction Fuzzy Hash: 6AD05B35500114BFC701E754D440D46BFD9BB45654B18C459F14897121D221E561CBD4
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f66f5b0c6a677a81ed6f1a909d09b8698d097e1397a3d31191fd4c69e7b76e6c
                                                        • Instruction ID: c1a0f61b6130d4c492d61d40b898bc43a4d0ab6a233e61313ce0176fec6423a8
                                                        • Opcode Fuzzy Hash: f66f5b0c6a677a81ed6f1a909d09b8698d097e1397a3d31191fd4c69e7b76e6c
                                                        • Instruction Fuzzy Hash: 22E0EC3180010CAFDF00DFA4D8458ADBBB5EB44201F50C5A5EC04D2251E3319B649B91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e17c89b95f7097a9a8529a353f896156d0b122a7436ef347f57137953f07a576
                                                        • Instruction ID: aa2d09e88d1acaafe9bb2fdcd51497710c94fa4f5359a9669f4ad5d1c198f10b
                                                        • Opcode Fuzzy Hash: e17c89b95f7097a9a8529a353f896156d0b122a7436ef347f57137953f07a576
                                                        • Instruction Fuzzy Hash: 30D0C92A01D2C08EE7028B68ACA079C3F716F13116B6945D2C2E0C7073C1184555DB3A
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c7e46ca110f863a67976935cd8c3b229f8f0e0face33b693d46ef1621845a8d2
                                                        • Instruction ID: cdc7a52cadb063298fbf30a30fddacfac2b1f154edae2e1d7e07f23b1c55c6dd
                                                        • Opcode Fuzzy Hash: c7e46ca110f863a67976935cd8c3b229f8f0e0face33b693d46ef1621845a8d2
                                                        • Instruction Fuzzy Hash: A2E0B6B0D50209EFD790EFB9C945B5EBBF0BF08200F1185AAD119E7221E7B496048FA2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 738b2fe29645a79a3bc671ce929d33682be67241620b12ded1a932360bf6ee10
                                                        • Instruction ID: 8855e31b0652d63c5917c3459e6d188d43a3fc5283777d84e760b784de3be843
                                                        • Opcode Fuzzy Hash: 738b2fe29645a79a3bc671ce929d33682be67241620b12ded1a932360bf6ee10
                                                        • Instruction Fuzzy Hash: F7E0E271A1060CEE8B40BE78D944599BBE8AB16219F40C52AE80CDA110FA30E2A88BC1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 30450554e59ab36fe2e82870a4a3288d3d1fdd65a56c8ea1d920550c86f237c6
                                                        • Instruction ID: 8172a4ffe2aa9cf0d62f878ac7a502b0d7fc2bed03c3a2d9bd99d98c8919b1fa
                                                        • Opcode Fuzzy Hash: 30450554e59ab36fe2e82870a4a3288d3d1fdd65a56c8ea1d920550c86f237c6
                                                        • Instruction Fuzzy Hash: 66D0223235083803CA0A3759A42813C721DCFC0923B08006AF40BC7381CF8C4E1242CE
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 629a3f94d3ed4c3282f4d1a066c9a8ab22c6ab0133513fa07964ecf2cbf05ffb
                                                        • Instruction ID: 3b49c6c953f2f9c8b815f304df1a24d5ff56e5a5b7c66ec709e5b39c17f3795c
                                                        • Opcode Fuzzy Hash: 629a3f94d3ed4c3282f4d1a066c9a8ab22c6ab0133513fa07964ecf2cbf05ffb
                                                        • Instruction Fuzzy Hash: 7FE05E31424605CFDB00EF6CE8C5AA877F4FF45704F000A95E204DB225EB64F850CB51
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cf81205330efd0e7fd6dfe0ad5fcb865ec4fe910524b4a3cf2443167f065d83d
                                                        • Instruction ID: 23e26a98a3952fd623181530a998acff1ba04b27df48019c8fcbd59564234d4a
                                                        • Opcode Fuzzy Hash: cf81205330efd0e7fd6dfe0ad5fcb865ec4fe910524b4a3cf2443167f065d83d
                                                        • Instruction Fuzzy Hash: 70D0A730258704CFE300FB2CD88586577F4FF45709B000995F1059B221FB21F804C641
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 33944a7eeef6e6d9e5d8e52d6589db3ec35372ed537917d35022211d2a0666f0
                                                        • Instruction ID: 3f4505c6aab1e032ad45c983555f27b7c1908297c11cf5a2c086450dcc6eea26
                                                        • Opcode Fuzzy Hash: 33944a7eeef6e6d9e5d8e52d6589db3ec35372ed537917d35022211d2a0666f0
                                                        • Instruction Fuzzy Hash: 82D05E35A3F245CFA3C4BBE2D51463332B6DB481417304056B20F49810CB5998404AB7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 92990b65e79c8fecd96b25c3f28341604668ea1796ec35b577d673c92a8e91c0
                                                        • Instruction ID: 28fe6598c265745dca1adac1e729404f1e7d8eca63ef957eaee061cc3750a13c
                                                        • Opcode Fuzzy Hash: 92990b65e79c8fecd96b25c3f28341604668ea1796ec35b577d673c92a8e91c0
                                                        • Instruction Fuzzy Hash: 84D0C9767401249F8604AA58E800CA977A9DB996613414066F905CB331CE61EC52C7D9
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f4fa1a701dd9e2b3bfff6b89c519413d56f3a5115c2cebd78ee8586adb4192e5
                                                        • Instruction ID: 7c8d41d638592faecebf6b20d8b81c544ce2cf925e4cddb81619e06cd2fe6662
                                                        • Opcode Fuzzy Hash: f4fa1a701dd9e2b3bfff6b89c519413d56f3a5115c2cebd78ee8586adb4192e5
                                                        • Instruction Fuzzy Hash: A4D0C931200128ABCB156AA6E4096FA7A9CEB416A7F048029E91986690CF688941DAD5
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: aad8067b820c8864bf8c1b14da18b78714a02cbd1fddf71215e7cb3c8779ad75
                                                        • Instruction ID: 60da2b893d4eb215e01c103ba3e182b08db6911501b9fab81ac7d500298b455f
                                                        • Opcode Fuzzy Hash: aad8067b820c8864bf8c1b14da18b78714a02cbd1fddf71215e7cb3c8779ad75
                                                        • Instruction Fuzzy Hash: 2EC08C32300134930608318FB4048AE769EDBCE93231A003BE30EC33408E954C0202EA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5c6962d660cb81861b28ccb12ad29abe637ba55edc2f0ce3562c40212e3fd278
                                                        • Instruction ID: 40ba769d99a1886519aa823b664d41cf01787569c58ca749969fcf7b1f39a48f
                                                        • Opcode Fuzzy Hash: 5c6962d660cb81861b28ccb12ad29abe637ba55edc2f0ce3562c40212e3fd278
                                                        • Instruction Fuzzy Hash: 39D05E31204310CBD324B666E444B96B3A9FF82216F51446EE48A463508B75AC41CBD1
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 656af98dd13fec58042d70735a5252d698e4eb03fe5945683150c09576f89f08
                                                        • Instruction ID: da20f282a6421ae1cd904177c2d899dfa85d473f78dbb78119d52848abf26914
                                                        • Opcode Fuzzy Hash: 656af98dd13fec58042d70735a5252d698e4eb03fe5945683150c09576f89f08
                                                        • Instruction Fuzzy Hash: 78C01274A3E28CCF37C077EAE51463432BA91842013300012B30B49910CE19980006F7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 20caba7da77db68d84cd772e54a816910d308db52269d27d20210fdff89110c4
                                                        • Instruction ID: 7788cf9cec06d35493a1eff489f4d1192738ea618bb4f078532499115ff8ebbc
                                                        • Opcode Fuzzy Hash: 20caba7da77db68d84cd772e54a816910d308db52269d27d20210fdff89110c4
                                                        • Instruction Fuzzy Hash: D9C012E654D2C1DE93CB1B6564504E53F32D52310530A14C6E19587553CE080A19C7B2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 26bea58aaab8470676c169a7fa00b123e9b23ccb3ac124006a1c4ba6ce319cfe
                                                        • Instruction ID: f4f6b9b58fef58ee45cdf568d28c73dfda5bffef4afb06cd4ca20ec19bcfe2cf
                                                        • Opcode Fuzzy Hash: 26bea58aaab8470676c169a7fa00b123e9b23ccb3ac124006a1c4ba6ce319cfe
                                                        • Instruction Fuzzy Hash: 42C080EA4161C02DD7C71B504C108403F606E1321831650D3D1515F933C141C419DB32
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 475007a468db2e2212c754c3e781a5d2fe2f1c2cc0ea048a1981a5fec9ab41b1
                                                        • Instruction ID: 194f8ef4cdd2c5fd6e0aff5fc322c8777837c67867dbf1da35f4c1cb14c74a0a
                                                        • Opcode Fuzzy Hash: 475007a468db2e2212c754c3e781a5d2fe2f1c2cc0ea048a1981a5fec9ab41b1
                                                        • Instruction Fuzzy Hash: 03C012BA46D3C8AED38B2BA0A8090713F380823600B0500C7E19ACB622D20808629BA3
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 30615f67fb702f189f2cb797f7f80b69942fde25a18592673302e4aadf67b948
                                                        • Instruction ID: 352823fd3dbf6c6d762f24dbc21144be272deb75f82c8c964fd64f20f9157269
                                                        • Opcode Fuzzy Hash: 30615f67fb702f189f2cb797f7f80b69942fde25a18592673302e4aadf67b948
                                                        • Instruction Fuzzy Hash: 02D05E31104144AFCB11CF34D499EEABB61EF95310F2980A9E8884B623C232D816CF01
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2e76d57081bbef04990d4a58c8a6a569922d391c7ac9cfb8df0e73b6f0487e69
                                                        • Instruction ID: ec26340f67fdfea46f2856720049d601fdb58b20c4ae5c5d3901291c829b9528
                                                        • Opcode Fuzzy Hash: 2e76d57081bbef04990d4a58c8a6a569922d391c7ac9cfb8df0e73b6f0487e69
                                                        • Instruction Fuzzy Hash: 19C02B4F12DFC04FF3C3AA3008101816F215D6360034A02F3C1C186183C002080AE733
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1e936225ce8ff24e5e17021c066c62ef5d356d0c2210d5850bd0adc318aed5de
                                                        • Instruction ID: 5fd4d2b818ddd2bae9536fd716b3cda83235730a655d0c8502b7a2cba4a268ad
                                                        • Opcode Fuzzy Hash: 1e936225ce8ff24e5e17021c066c62ef5d356d0c2210d5850bd0adc318aed5de
                                                        • Instruction Fuzzy Hash: 30C012698086445DE303B634A4111997F606F62201F0042B6DD8456290FB24597CDAD2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f9eafa15a60e073faaf072c8a471af8a646e6e4eff0130a0050c9cd88f82ef04
                                                        • Instruction ID: 7b6066041dfb8da7a3e5806d4fbd68fdc5d53c7e1f329be25355857e592c519e
                                                        • Opcode Fuzzy Hash: f9eafa15a60e073faaf072c8a471af8a646e6e4eff0130a0050c9cd88f82ef04
                                                        • Instruction Fuzzy Hash: DDC08CB1046308CFD3083B98A40C3A472699B0A322F000018E309024514B6A0181CFAA
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                        • Instruction ID: 61412fa5721fa0801f19765b42d0f6ac58f054d2697597a3f249e516f761f0d5
                                                        • Opcode Fuzzy Hash: 1d6f2623337c38ef8749255ff78b3cbedb78fba73e040c9434c39499d8169e63
                                                        • Instruction Fuzzy Hash: 87C00235140108AFC740DF55D445D95BBA9EB59660B1180A1F9484B722C632E9119A90
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 88ca9e6d9f9eb8fbe161fc9bce524e278893b4e509810cbca00db65997d2efec
                                                        • Instruction ID: ce7a7c2edd9454774f8dee72edd6fd9c6948e8d01f79f1f27db39397c547e164
                                                        • Opcode Fuzzy Hash: 88ca9e6d9f9eb8fbe161fc9bce524e278893b4e509810cbca00db65997d2efec
                                                        • Instruction Fuzzy Hash: CBB092F012C11ACE67C437CAE0E8E3832789920205B005801B34B040410F515A1082F7
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 055b40dab521520f1907da5fcca57fa34d2a95cd7c99cefc0b376e51937745d3
                                                        • Instruction ID: b53cabb91c4be652d7bb3f25e067095756832bcc89563a8d3c7e22a437eeed6e
                                                        • Opcode Fuzzy Hash: 055b40dab521520f1907da5fcca57fa34d2a95cd7c99cefc0b376e51937745d3
                                                        • Instruction Fuzzy Hash: 5BB012BE274B00FB610077E44840F2F6310BBF5741F408C2233C600000C8335424D59B
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386398664.0000000006AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06AF0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6af0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 59de3abaca570e7640bfc0451af01902f653e64edf7be38f64fc050c06de89f6
                                                        • Instruction ID: 6c30bca3a400ce6a82e826b62b37441d1e0b3596548de9b46fd5408f7dd79982
                                                        • Opcode Fuzzy Hash: 59de3abaca570e7640bfc0451af01902f653e64edf7be38f64fc050c06de89f6
                                                        • Instruction Fuzzy Hash: 26A012394282088ED74433C0B049036333D0851A41B000001F20E828101614147004C2
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 2a9b9b392a594f72337b5b312cd0b9c190bfdc87cb1a6452562e7c4e2b6061f2
                                                        • Instruction ID: f3d85be95c6ec69845e0589d92121e9b1cbaa49222938d41a30ccf321437e35d
                                                        • Opcode Fuzzy Hash: 2a9b9b392a594f72337b5b312cd0b9c190bfdc87cb1a6452562e7c4e2b6061f2
                                                        • Instruction Fuzzy Hash: 49B092304000418BCF10CF00E5E4B4C33B0AF40205F100812D840C3035CB246886AE01
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 18077801840a056d3b82cc29eda08ef23cdeb87cdd0a2a229053f0b4967e6b04
                                                        • Instruction ID: ae66fce8ae6671ec6fe37a21c27b9346083a4f894cdb9c66b3284a2a1325088c
                                                        • Opcode Fuzzy Hash: 18077801840a056d3b82cc29eda08ef23cdeb87cdd0a2a229053f0b4967e6b04
                                                        • Instruction Fuzzy Hash: F4B0127140014057EF018B62EDD87143BA0E7C0305F084689D10588019C6944800CF00
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 65c6c07ddaff9bb4187a91ea138b5172c7186ff4e9daf95c0996e8863751413d
                                                        • Instruction ID: d982a11eeabf6bacbef0d49eba2c4898ffff09669b3c6d94129d9b705fbdc2c9
                                                        • Opcode Fuzzy Hash: 65c6c07ddaff9bb4187a91ea138b5172c7186ff4e9daf95c0996e8863751413d
                                                        • Instruction Fuzzy Hash: F2B092700002018ACA00DF22A5884483760F70232A7244359C478891D0C63A68028F00
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 574dcb4407366c8be737899b8650bd91f014facf30e49ed4220bdb77aae5eb92
                                                        • Instruction ID: e45782d48f82f044f79399cff10384585e23b66203d0f3eb5d233cae1b1faba6
                                                        • Opcode Fuzzy Hash: 574dcb4407366c8be737899b8650bd91f014facf30e49ed4220bdb77aae5eb92
                                                        • Instruction Fuzzy Hash:
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 8cbb408c7cd23ad4093901c25cdd3d22ec40b99ffe2d5de2293e171e26bc1584
                                                        • Instruction ID: 7e35a58d70b0d0616890e5c1d75a37e89de0199b0660e278f1230aa7a951a593
                                                        • Opcode Fuzzy Hash: 8cbb408c7cd23ad4093901c25cdd3d22ec40b99ffe2d5de2293e171e26bc1584
                                                        • Instruction Fuzzy Hash: BFD1BEB4B007109FEB69EB79C4507AE77EBAF89700F1084ADD156DB290DB35D805CB92
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 21b7704d8bbf847e361595e84fabf68339879faaaefb7ddbc6c3ab585b449f1b
                                                        • Instruction ID: 2517418257cfb331bad7e5b7b766e4e23b86bcdcb78ff72c8fb97110e091a880
                                                        • Opcode Fuzzy Hash: 21b7704d8bbf847e361595e84fabf68339879faaaefb7ddbc6c3ab585b449f1b
                                                        • Instruction Fuzzy Hash: 76E1E5B4E002198FDB14DFA9D580AAEFBF2FF89305F2481A9D414AB355D730A941CFA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7f50d69a9278545880a7ec8d5c198e986f0515ca93c1670c0fd744fbd07b8415
                                                        • Instruction ID: 80b175e29ae7b9147723f3724f798815cf47a96e9bb9f8779ef056ffd2f4bfa7
                                                        • Opcode Fuzzy Hash: 7f50d69a9278545880a7ec8d5c198e986f0515ca93c1670c0fd744fbd07b8415
                                                        • Instruction Fuzzy Hash: F5E1D4B4E042198FDB14DBA9C580AAEFBF6FF89305F2481A9D415AB355D730AD41CFA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c09414d07fd77702f2cc69db29ab2fd4cbc857111cbd56e38181aa048ebe3742
                                                        • Instruction ID: 6f592fe732821152b56da955cc0ee0e9dda2e20f7f06b105c393375ea4860d93
                                                        • Opcode Fuzzy Hash: c09414d07fd77702f2cc69db29ab2fd4cbc857111cbd56e38181aa048ebe3742
                                                        • Instruction Fuzzy Hash: D7E1C8B4E042198FDB54DFA9C580AAEFBF2FF89305F2481A9D414AB355D731A941CFA0
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 24a726e11da2d5a9720e177ff69775a6c0768ef2a1c77e60b08158b8b4d35e39
                                                        • Instruction ID: 50f64026b042e86ae9c364047b2155e9f41d45365ee52599ccdfcba9784e4f49
                                                        • Opcode Fuzzy Hash: 24a726e11da2d5a9720e177ff69775a6c0768ef2a1c77e60b08158b8b4d35e39
                                                        • Instruction Fuzzy Hash: 09E1E5B4E042198FDB14DFA9C580AAEFBF2FF89305F2485A9D419AB355D730A941CF60
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5d51feedab3a49780c0195dcace6ef84a3f3c14928f6224e636ed38dd88459b0
                                                        • Instruction ID: 2e49020ceb0dc04a485d53aea2a934b5f9978c8f5c19efb5327db6bd1ac107f9
                                                        • Opcode Fuzzy Hash: 5d51feedab3a49780c0195dcace6ef84a3f3c14928f6224e636ed38dd88459b0
                                                        • Instruction Fuzzy Hash: 33D1F771D2075A9BCB10EB64D990A9DB7B1FF95300F20CB9AD0097B211EBB06AD5CF91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1378828786.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_28e0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e4b741545eeb68bc1a7f39a29629e397d6a7ff9f915c5df9c8c5bbce791c7106
                                                        • Instruction ID: 8664adbf5d742692613112ddea97f6d7ed84190fa522ea54cd9a2391519adf66
                                                        • Opcode Fuzzy Hash: e4b741545eeb68bc1a7f39a29629e397d6a7ff9f915c5df9c8c5bbce791c7106
                                                        • Instruction Fuzzy Hash: 3AA17E3AE002198FCF05DFB5C88059EB7B2FF96304B15856AE906EB265DB31E915CF40
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1387622799.00000000089A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 089A0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_89a0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c9d705ec63f9b516d0d9c054dafe113e38c20618ebe2c104f9624a398d7a245e
                                                        • Instruction ID: dda63cd781510fdb6c6eaa57e2e9fdff1d673061d0ac666ef43978f970f9dfba
                                                        • Opcode Fuzzy Hash: c9d705ec63f9b516d0d9c054dafe113e38c20618ebe2c104f9624a398d7a245e
                                                        • Instruction Fuzzy Hash: 03D1F771D2075A9BCB10EB64D990A9DB7B1FF95300F20CB9AD0097B211EBB06AD5CF91
                                                        Memory Dump Source
                                                        • Source File: 00000000.00000002.1386598518.0000000006BE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06BE0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_0_2_6be0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: adbc7b87ee36d0ba52dc27b614d28cb583cd673f7a62a0e14404037daabd026d
                                                        • Instruction ID: 3a40a9a690f02ed18fcd754c0b5108ebd880a71c7d49169c2da08cdbdb5f4497
                                                        • Opcode Fuzzy Hash: adbc7b87ee36d0ba52dc27b614d28cb583cd673f7a62a0e14404037daabd026d
                                                        • Instruction Fuzzy Hash: 8C5108B4E042198FDB14DFA9C5819AEFBF2EF89304F2481A9D418AB315D7359D41CFA1

                                                        Execution Graph

                                                        Execution Coverage:10.2%
                                                        Dynamic/Decrypted Code Coverage:100%
                                                        Signature Coverage:0%
                                                        Total number of Nodes:175
                                                        Total number of Limit Nodes:19
                                                        execution_graph 38167 e2d030 38168 e2d048 38167->38168 38169 e2d0a2 38168->38169 38175 663d297 38168->38175 38179 663d2a8 38168->38179 38183 663d2f8 38168->38183 38188 663e3f8 38168->38188 38197 663a4c4 38168->38197 38176 663d29c 38175->38176 38177 663a4c4 2 API calls 38176->38177 38178 663d2ef 38177->38178 38178->38169 38180 663d2ce 38179->38180 38181 663a4c4 2 API calls 38180->38181 38182 663d2ef 38181->38182 38182->38169 38185 663d298 38183->38185 38184 663d307 38184->38169 38185->38184 38186 663a4c4 2 API calls 38185->38186 38187 663d2ef 38186->38187 38187->38169 38189 663e3fc 38188->38189 38190 663e469 38189->38190 38192 663e459 38189->38192 38222 663a5ec 38190->38222 38206 663e580 38192->38206 38211 663e590 38192->38211 38216 663e65c 38192->38216 38193 663e467 38198 663a4cf 38197->38198 38199 663e469 38198->38199 38201 663e459 38198->38201 38200 663a5ec 2 API calls 38199->38200 38202 663e467 38200->38202 38203 663e580 2 API calls 38201->38203 38204 663e590 2 API calls 38201->38204 38205 663e65c 2 API calls 38201->38205 38203->38202 38204->38202 38205->38202 38208 663e58c 38206->38208 38207 663e630 38207->38193 38229 663e648 38208->38229 38232 663e638 38208->38232 38213 663e592 38211->38213 38212 663e630 38212->38193 38214 663e648 2 API calls 38213->38214 38215 663e638 2 API calls 38213->38215 38214->38212 38215->38212 38217 663e61a 38216->38217 38218 663e66a 38216->38218 38220 663e648 2 API calls 38217->38220 38221 663e638 2 API calls 38217->38221 38219 663e630 38219->38193 38220->38219 38221->38219 38223 663a5f7 38222->38223 38224 663f872 38223->38224 38225 663f91c 38223->38225 38227 663f8ca CallWindowProcW 38224->38227 38228 663f879 38224->38228 38226 663a4c4 CallWindowProcW 38225->38226 38226->38228 38227->38228 38228->38193 38230 663e659 38229->38230 38236 663f800 38229->38236 38230->38207 38233 663e63c 38232->38233 38234 663e659 38233->38234 38235 663f800 2 API calls 38233->38235 38234->38207 38235->38234 38237 663f80c 38236->38237 38238 663a5ec CallWindowProcW 38237->38238 38239 663f816 38238->38239 38239->38230 38240 663f872 38239->38240 38241 663f91c 38239->38241 38243 663f8ca CallWindowProcW 38240->38243 38244 663f879 38240->38244 38242 663a4c4 CallWindowProcW 38241->38242 38242->38244 38243->38244 38244->38230 38045 6632ac0 DuplicateHandle 38046 6632b56 38045->38046 38245 663d0f0 38246 663d158 CreateWindowExW 38245->38246 38248 663d214 38246->38248 38248->38248 38047 28e0848 38049 28e084e 38047->38049 38048 28e091b 38049->38048 38054 6631bf3 38049->38054 38060 6631b60 38049->38060 38064 6631b70 38049->38064 38068 28e1342 38049->38068 38056 6631b74 38054->38056 38059 6631bfa 38054->38059 38055 6631bc7 38055->38049 38056->38055 38072 663175c 38056->38072 38059->38049 38061 6631b74 38060->38061 38062 663175c GetModuleHandleW 38061->38062 38063 6631ba0 38062->38063 38063->38049 38065 6631b74 38064->38065 38066 663175c GetModuleHandleW 38065->38066 38067 6631ba0 38066->38067 38067->38049 38070 28e1350 38068->38070 38069 28e1440 38069->38049 38070->38069 38130 28e7e71 38070->38130 38073 6631767 38072->38073 38076 663271c 38073->38076 38075 6633126 38075->38075 38078 6632727 38076->38078 38077 663384c 38077->38075 38078->38077 38081 66354d0 38078->38081 38085 66354e0 38078->38085 38082 66354d4 38081->38082 38083 6635525 38082->38083 38089 6635690 38082->38089 38083->38077 38087 6635501 38085->38087 38086 6635525 38086->38077 38087->38086 38088 6635690 GetModuleHandleW 38087->38088 38088->38086 38091 663569d 38089->38091 38090 66356d6 38090->38083 38091->38090 38093 663416c 38091->38093 38094 6634177 38093->38094 38096 6635748 38094->38096 38097 66341a0 38094->38097 38096->38096 38098 66341ab 38097->38098 38104 66341b0 38098->38104 38100 66357b7 38108 663ac58 38100->38108 38113 663ac40 38100->38113 38101 66357f1 38101->38096 38107 66341bb 38104->38107 38105 6636bb8 38105->38100 38106 66354e0 GetModuleHandleW 38106->38105 38107->38105 38107->38106 38109 663ac5a 38108->38109 38110 663ac95 38109->38110 38118 663aed0 38109->38118 38121 663aec0 38109->38121 38110->38101 38114 663ac50 38113->38114 38115 663ac95 38114->38115 38116 663aec0 GetModuleHandleW 38114->38116 38117 663aed0 GetModuleHandleW 38114->38117 38115->38101 38116->38115 38117->38115 38119 663aeda 38118->38119 38125 663af10 38118->38125 38119->38110 38122 663aecc 38121->38122 38124 663af10 GetModuleHandleW 38122->38124 38123 663aeda 38123->38110 38124->38123 38127 663af15 38125->38127 38126 663af54 38126->38119 38127->38126 38128 663b158 GetModuleHandleW 38127->38128 38129 663b185 38128->38129 38129->38119 38131 28e7e7b 38130->38131 38132 28e7f31 38131->38132 38136 664fbb8 38131->38136 38145 664f978 38131->38145 38149 664f968 38131->38149 38132->38070 38138 664fbbe 38136->38138 38140 664f98d 38136->38140 38137 664fba2 38137->38132 38144 664fc53 38138->38144 38153 28eea28 38138->38153 38156 28eea21 38138->38156 38139 664fd10 38139->38132 38140->38137 38141 664fbb8 GlobalMemoryStatusEx 38140->38141 38141->38140 38144->38132 38146 664f98d 38145->38146 38147 664fba2 38146->38147 38148 664fbb8 GlobalMemoryStatusEx 38146->38148 38147->38132 38148->38146 38150 664f98d 38149->38150 38151 664fba2 38150->38151 38152 664fbb8 GlobalMemoryStatusEx 38150->38152 38151->38132 38152->38150 38160 28eea50 38153->38160 38154 28eea36 38154->38139 38157 28eea28 38156->38157 38159 28eea50 GlobalMemoryStatusEx 38157->38159 38158 28eea36 38158->38139 38159->38158 38161 28eea6d 38160->38161 38163 28eea95 38160->38163 38161->38154 38162 28eeab6 38162->38154 38163->38162 38164 28eeb1b 38163->38164 38165 28eeb7e GlobalMemoryStatusEx 38163->38165 38164->38154 38166 28eebae 38165->38166 38166->38154 38249 6632878 38250 66328be GetCurrentProcess 38249->38250 38252 6632910 GetCurrentThread 38250->38252 38253 6632909 38250->38253 38254 6632946 38252->38254 38255 663294d GetCurrentProcess 38252->38255 38253->38252 38254->38255 38256 6632983 38255->38256 38257 66329ab GetCurrentThreadId 38256->38257 38258 66329dc 38257->38258

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 394 66455a0-66455bd 395 66455bf-66455c2 394->395 396 66455c4-66455cd 395->396 397 66455d8-66455db 395->397 398 66456a5-66456ae 396->398 399 66455d3 396->399 400 66455f7-66455fa 397->400 401 66455dd-66455f2 397->401 404 66456b4-66456bf 398->404 405 664578a-66457b3 398->405 399->397 402 6645606-6645609 400->402 403 66455fc-6645605 400->403 401->400 407 6645615-664561b 402->407 408 664560b-664560e 402->408 404->405 409 66456c5-66456d5 404->409 422 66457bd-66457c0 405->422 411 6645740-664574e 407->411 412 6645621 407->412 408->396 410 6645610-6645613 408->410 409->405 414 66456db-66456df 409->414 410->407 416 6645626-6645629 410->416 417 6645755-6645758 411->417 412->416 415 66456e4-66456e7 414->415 418 66456fd-6645700 415->418 419 66456e9-66456f8 415->419 420 6645633-6645636 416->420 421 664562b-664562e 416->421 423 664575d-6645760 417->423 424 6645702-6645709 418->424 425 664570e-6645711 418->425 419->418 426 6645638-6645655 420->426 427 664565a-664565d 420->427 421->420 428 66457c2-66457c9 422->428 429 66457ca-66457cd 422->429 432 6645762-6645767 423->432 433 664576a-664576c 423->433 424->425 435 6645713-6645717 425->435 436 664571e-6645721 425->436 426->427 430 6645674-6645677 427->430 431 664565f-664566f 427->431 437 66457ef-66457f2 429->437 438 66457cf-66457d3 429->438 443 6645685-6645688 430->443 444 6645679-664567e 430->444 431->430 432->433 441 6645773-6645776 433->441 442 664576e 433->442 445 664577c-6645789 435->445 446 6645719 435->446 447 6645723-6645726 436->447 448 664572b-664572e 436->448 439 6645814-6645817 437->439 440 66457f4-66457f8 437->440 450 66457d9-66457e1 438->450 451 66458aa-66458e4 438->451 454 664582f-6645832 439->454 455 6645819-664582a 439->455 440->451 453 66457fe-6645806 440->453 441->395 441->445 442->441 460 66456a0-66456a3 443->460 461 664568a-664569b 443->461 444->421 459 6645680 444->459 446->436 447->448 456 6645730-6645736 448->456 457 664573b-664573e 448->457 450->451 452 66457e7-66457ea 450->452 472 66458e6-66458e9 451->472 452->437 453->451 462 664580c-664580f 453->462 463 6645834-6645838 454->463 464 664584c-664584f 454->464 455->454 456->457 457->411 457->423 459->443 460->398 460->415 461->460 462->439 463->451 468 664583a-6645842 463->468 469 6645860-6645863 464->469 470 6645851-664585b 464->470 468->451 477 6645844-6645847 468->477 475 6645865-664586c 469->475 476 6645873-6645876 469->476 470->469 473 66458f7-66458fa 472->473 474 66458eb-66458f2 472->474 478 6645914-6645917 473->478 479 66458fc-664590d 473->479 474->473 481 66458a2-66458a9 475->481 482 664586e 475->482 483 6645890-6645892 476->483 484 6645878-664587c 476->484 477->464 486 6645921-6645924 478->486 487 6645919-664591e 478->487 494 6645960-6645973 479->494 495 664590f 479->495 482->476 488 6645894 483->488 489 6645899-664589c 483->489 484->451 485 664587e-6645886 484->485 485->451 493 6645888-664588b 485->493 491 6645926-6645937 486->491 492 664593e-6645941 486->492 487->486 488->489 489->422 489->481 496 6645943-6645954 491->496 504 6645939 491->504 492->496 497 664595b-664595e 492->497 493->483 495->478 496->474 505 6645956 496->505 497->494 499 6645976-6645979 497->499 502 6645987-664598a 499->502 503 664597b-6645982 499->503 506 664598c-664599d 502->506 507 66459a8-66459ab 502->507 503->502 504->492 505->497 506->474 513 66459a3 506->513 508 66459b6-6645b4a 507->508 509 66459ad-66459b0 507->509 543 6645c80-6645c93 508->543 544 6645b50-6645b57 508->544 509->508 511 6645c96-6645c99 509->511 514 6645cb7-6645cba 511->514 515 6645c9b-6645cac 511->515 513->507 514->508 516 6645cc0-6645cc2 514->516 515->474 522 6645cb2 515->522 517 6645cc4 516->517 518 6645cc9-6645ccc 516->518 517->518 518->472 521 6645cd2-6645cdb 518->521 522->514 545 6645b5d-6645b90 544->545 546 6645c0b-6645c12 544->546 557 6645b95-6645bd6 545->557 558 6645b92 545->558 546->543 547 6645c14-6645c47 546->547 559 6645c4c-6645c79 547->559 560 6645c49 547->560 568 6645bee-6645bf5 557->568 569 6645bd8-6645be9 557->569 558->557 559->521 560->559 571 6645bfd-6645bff 568->571 569->521 571->521
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: $
                                                        • API String ID: 0-3993045852
                                                        • Opcode ID: e30577748e230c442317c9bad64543f97b4ff4fda7ff8f3476324d61fa41cf62
                                                        • Instruction ID: 870ac5c90d5a5e89d1dd1bd20afcfbe5e26f962bfdc8b9cf5ff4e04887824f62
                                                        • Opcode Fuzzy Hash: e30577748e230c442317c9bad64543f97b4ff4fda7ff8f3476324d61fa41cf62
                                                        • Instruction Fuzzy Hash: 6C22C275F002189FDF60EBA9C4806AEBBF2EF85320F24846AD416AB354DB31DD45CB90
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c07fc8dc1c7b9dc95d256fe6c2a06895d6b17d561759272ba82ed8be22a1bbc4
                                                        • Instruction ID: d935bcc6170c8771cfc8b3a2683c81f44fa43f259be8079f552f22f506918b21
                                                        • Opcode Fuzzy Hash: c07fc8dc1c7b9dc95d256fe6c2a06895d6b17d561759272ba82ed8be22a1bbc4
                                                        • Instruction Fuzzy Hash: E1629F34B002049FDB54EB68D594AAEBBF2FF89310F148469E406EB394DB36ED45CB90
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c10c12825f8b8ab18aa4e5350f560dd91b48802c65c04cabac11874111ab60c4
                                                        • Instruction ID: 1c9ff5d33c89a82c2912f1eaab671c47a3e724ac6fff0fbbf0f3d10ec998f96e
                                                        • Opcode Fuzzy Hash: c10c12825f8b8ab18aa4e5350f560dd91b48802c65c04cabac11874111ab60c4
                                                        • Instruction Fuzzy Hash: 2E327E74B052089FDF54EB68D990BAEB7B2FB88310F108529D506EB395DB31EC42CB91
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 83b5e4eb3fa59d36390c82a791aa0d1af433d8cfac400108f4cd3b0e03fef6c8
                                                        • Instruction ID: 92264e66ec2e1b1a401c3fad215feb074081ee5469f03edabcd1e35c6368d683
                                                        • Opcode Fuzzy Hash: 83b5e4eb3fa59d36390c82a791aa0d1af433d8cfac400108f4cd3b0e03fef6c8
                                                        • Instruction Fuzzy Hash: 63227230E042099FEF64EBADD4907AEB7B2FB49310F248526E415EB395CA35DC81CB91
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c0a7ad5d500fe31f73447c9d9dd09cceedfffefa295c467ad4d9f1161337f643
                                                        • Instruction ID: 79e5f809722c0c076b9c800f7553d51d4f8d732f36e150f60d29494136d2f019
                                                        • Opcode Fuzzy Hash: c0a7ad5d500fe31f73447c9d9dd09cceedfffefa295c467ad4d9f1161337f643
                                                        • Instruction Fuzzy Hash: A6322E35E10719CFDB24EB69C89069DB7B2FF89300F50C66AD449BB354EB70A985CB90
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c5c34b98f886860d4b394b88381a6cc68d847ffc3f8f7c3594a26ba934d84783
                                                        • Instruction ID: ef9b3467ddd128d842332686ade9ee1f90b82d3b5459b6f7e24c9bd5f4c0013f
                                                        • Opcode Fuzzy Hash: c5c34b98f886860d4b394b88381a6cc68d847ffc3f8f7c3594a26ba934d84783
                                                        • Instruction Fuzzy Hash: BC029F30B112058FDB54EBA8D490AAEBBF2FF88710F148529D405EB395DB35ED46CB90

                                                        Control-flow Graph

                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 066328F6
                                                        • GetCurrentThread.KERNEL32 ref: 06632933
                                                        • GetCurrentProcess.KERNEL32 ref: 06632970
                                                        • GetCurrentThreadId.KERNEL32 ref: 066329C9
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840540389.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6630000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        • Opcode ID: bad157ca7d18ddf99c31228d9cfa6b31948ae6b878bf8752bf81863bc68835e3
                                                        • Instruction ID: 3f464df25e840540d921b1e92be486590bc72cc8ddc6ce36e20130084aba0f81
                                                        • Opcode Fuzzy Hash: bad157ca7d18ddf99c31228d9cfa6b31948ae6b878bf8752bf81863bc68835e3
                                                        • Instruction Fuzzy Hash: 2B5156B090064A8FDB94CFAAD948BDEBBF5BF88310F208459E409A73A0D7755A44CF65

                                                        Control-flow Graph

                                                        APIs
                                                        • GetCurrentProcess.KERNEL32 ref: 066328F6
                                                        • GetCurrentThread.KERNEL32 ref: 06632933
                                                        • GetCurrentProcess.KERNEL32 ref: 06632970
                                                        • GetCurrentThreadId.KERNEL32 ref: 066329C9
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840540389.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6630000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: Current$ProcessThread
                                                        • String ID:
                                                        • API String ID: 2063062207-0
                                                        • Opcode ID: 1506e9af8c4247626c72e2b979c8cdd9169074759c1da456e226ae4977da2181
                                                        • Instruction ID: 5207abb303f89134782f59259aff032213d473dfe054f736c468c3dfed84efca
                                                        • Opcode Fuzzy Hash: 1506e9af8c4247626c72e2b979c8cdd9169074759c1da456e226ae4977da2181
                                                        • Instruction Fuzzy Hash: 925157B09007498FDB94CFAAD948B9EBBF5BF88310F208459E409A7390D7755A44CF65

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 52 663af10-663af2f 54 663af31-663af3e call 663a2e4 52->54 55 663af5b-663af5f 52->55 60 663af40 54->60 61 663af54 54->61 56 663af73-663afb4 55->56 57 663af61-663af6b 55->57 64 663afc1-663afcf 56->64 65 663afb6-663afbe 56->65 57->56 108 663af46 call 663b1ab 60->108 109 663af46 call 663b1b8 60->109 61->55 67 663aff3-663aff5 64->67 68 663afd1-663afd6 64->68 65->64 66 663af4c-663af4e 66->61 71 663b090-663b150 66->71 72 663aff8-663afff 67->72 69 663afe1 68->69 70 663afd8-663afdf call 663a2f0 68->70 74 663afe3-663aff1 69->74 70->74 103 663b152-663b155 71->103 104 663b158-663b183 GetModuleHandleW 71->104 75 663b001-663b009 72->75 76 663b00c-663b013 72->76 74->72 75->76 78 663b020-663b029 call 663348c 76->78 79 663b015-663b01d 76->79 84 663b036-663b03b 78->84 85 663b02b-663b033 78->85 79->78 87 663b059-663b066 84->87 88 663b03d-663b044 84->88 85->84 94 663b089-663b08f 87->94 95 663b068-663b086 87->95 88->87 89 663b046-663b056 call 6638900 call 663a300 88->89 89->87 95->94 103->104 105 663b185-663b18b 104->105 106 663b18c-663b1a0 104->106 105->106 108->66 109->66
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0663B176
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840540389.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6630000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID: tb$tb
                                                        • API String ID: 4139908857-786838781
                                                        • Opcode ID: e6d201af37a9714a21fc65ab5ad7c2745be7679e79276b860317983b092545d9
                                                        • Instruction ID: faa7f1212da6e3db2d5c6ea4797f517a8bbd88fd7cf480155650fcade2b19272
                                                        • Opcode Fuzzy Hash: e6d201af37a9714a21fc65ab5ad7c2745be7679e79276b860317983b092545d9
                                                        • Instruction Fuzzy Hash: 178144B0A00B158FD7A4DF6AD54175ABBF1BF88300F008A2ED49ADBB50D775E845CB90

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 110 664ace0-664acfe 111 664ad00-664ad03 110->111 112 664ad14-664ad17 111->112 113 664ad05-664ad09 111->113 114 664ad21-664ad24 112->114 115 664ad19-664ad1e 112->115 116 664af0c-664af16 113->116 117 664ad0f 113->117 118 664ad26-664ad39 114->118 119 664ad3e-664ad41 114->119 115->114 117->112 118->119 121 664ad47-664ad4a 119->121 122 664aefd-664af06 119->122 124 664ad4c-664ad55 121->124 125 664ad5a-664ad5d 121->125 122->116 123 664ad5f-664ad68 122->123 128 664af17-664af21 123->128 129 664ad6e-664ad72 123->129 124->125 125->123 127 664ad77-664ad7a 125->127 130 664ad7c-664ad89 127->130 131 664ad8e-664ad91 127->131 136 664af23-664af25 128->136 137 664af7f-664af81 128->137 129->127 130->131 132 664adb4-664adb6 131->132 133 664ad93-664adaf 131->133 138 664adbd-664adc0 132->138 139 664adb8 132->139 133->132 140 664af83-664afb4 136->140 142 664af27-664af2c 136->142 137->140 138->111 143 664adc6-664adea 138->143 139->138 150 664b1a7-664b1ba 140->150 151 664afba-664afc6 140->151 144 664af3e-664af4e 142->144 145 664af2e-664af3b 142->145 162 664adf0-664adff 143->162 163 664aefa 143->163 148 664af50-664af53 144->148 145->144 152 664af55-664af59 148->152 153 664af60-664af63 148->153 154 664b1bc 150->154 164 664afe6-664b02a 151->164 165 664afc8-664afe1 151->165 155 664af79-664af7e 152->155 156 664af5b 152->156 157 664af65-664af6f 153->157 158 664af70-664af73 153->158 161 664b1dc-664b1df 154->161 155->137 156->153 158->155 158->161 166 664b1e1 call 664b238 161->166 167 664b1ee-664b1f1 161->167 171 664ae17-664ae52 call 66465a0 162->171 172 664ae01-664ae07 162->172 163->122 191 664b046-664b085 164->191 192 664b02c-664b03e 164->192 165->154 176 664b1e7-664b1e9 166->176 169 664b214-664b216 167->169 170 664b1f3-664b20f 167->170 173 664b21d-664b220 169->173 174 664b218 169->174 170->169 194 664ae54-664ae5a 171->194 195 664ae6a-664ae81 171->195 178 664ae09 172->178 179 664ae0b-664ae0d 172->179 173->148 180 664b226-664b230 173->180 174->173 176->167 178->171 179->171 200 664b16c-664b181 191->200 201 664b08b-664b166 call 66465a0 191->201 192->191 198 664ae5c 194->198 199 664ae5e-664ae60 194->199 209 664ae83-664ae89 195->209 210 664ae99-664aeaa 195->210 198->195 199->195 200->150 201->200 211 664ae8d-664ae8f 209->211 212 664ae8b 209->212 215 664aec2-664aef3 210->215 216 664aeac-664aeb2 210->216 211->210 212->210 215->163 217 664aeb4 216->217 218 664aeb6-664aeb8 216->218 217->215 218->215
                                                        Strings
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID: XM$XM
                                                        • API String ID: 0-3763735773
                                                        • Opcode ID: 7af96aaca1adf25ee499a429591b406f4a1686fd85e80715bce05ed11067f664
                                                        • Instruction ID: 3df3d0eb4d81603f2222290adc9c2ea12454dd89817f63b55a31e087a53af561
                                                        • Opcode Fuzzy Hash: 7af96aaca1adf25ee499a429591b406f4a1686fd85e80715bce05ed11067f664
                                                        • Instruction Fuzzy Hash: 3AE17F70F103099FDB55EBA8D8906AEB7B2EF89300F108529D816EB358DB71DC46CB91

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 572 28eea50-28eea6b 573 28eea6d-28eea94 572->573 574 28eea95-28eeab4 call 28ee1c8 572->574 579 28eeaba-28eeb19 574->579 580 28eeab6-28eeab9 574->580 587 28eeb1f-28eebac GlobalMemoryStatusEx 579->587 588 28eeb1b-28eeb1e 579->588 592 28eebae-28eebb4 587->592 593 28eebb5-28eebdd 587->593 592->593
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3832566073.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_28e0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: d8e2587ff8c2a9b100edb8033888381e9c939301bacbf846e72f34d6271135df
                                                        • Instruction ID: 4b23d1ef5e40bcb27f65a7a36944e0826776a9e18a22a28796faea2a77115fb8
                                                        • Opcode Fuzzy Hash: d8e2587ff8c2a9b100edb8033888381e9c939301bacbf846e72f34d6271135df
                                                        • Instruction Fuzzy Hash: 31412431E003559FDB14CFB5D4047DABBF5EF8A220F14856AD809E7280DB749884CBE1

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 596 663d0e4-663d0e6 597 663d0e8-663d0ec 596->597 598 663d0ee-663d156 596->598 597->598 600 663d161-663d168 598->600 601 663d158-663d15e 598->601 602 663d173-663d1ab 600->602 603 663d16a-663d170 600->603 601->600 604 663d1b3-663d212 CreateWindowExW 602->604 603->602 605 663d214-663d21a 604->605 606 663d21b-663d253 604->606 605->606 610 663d260 606->610 611 663d255-663d258 606->611 612 663d261 610->612 611->610 612->612
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0663D202
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840540389.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6630000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: 3def6b2cc7d2e6c478a0f89570adf316baed9df275046f20a79eb81e92d24d3b
                                                        • Instruction ID: b9b3a1608cb736bebb3e480c6bf30d1da4b5e73e4ba3e9e0e971ea78c0e2c871
                                                        • Opcode Fuzzy Hash: 3def6b2cc7d2e6c478a0f89570adf316baed9df275046f20a79eb81e92d24d3b
                                                        • Instruction Fuzzy Hash: D551D1B1D00359AFDB14CFA9D984ADEBFB5BF48310F24852AE819AB250D7719885CF90

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 613 663d0f0-663d156 614 663d161-663d168 613->614 615 663d158-663d15e 613->615 616 663d173-663d212 CreateWindowExW 614->616 617 663d16a-663d170 614->617 615->614 619 663d214-663d21a 616->619 620 663d21b-663d253 616->620 617->616 619->620 624 663d260 620->624 625 663d255-663d258 620->625 626 663d261 624->626 625->624 626->626
                                                        APIs
                                                        • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0663D202
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840540389.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6630000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: CreateWindow
                                                        • String ID:
                                                        • API String ID: 716092398-0
                                                        • Opcode ID: 8b4d20b0cb2efe6217526096f1843b08e9f6ecc6547d6b8738d4b839198a1c25
                                                        • Instruction ID: 8836a1adeed2ebfe953d793a21e72a8f179600bc0ac5daab242bfa91710782f1
                                                        • Opcode Fuzzy Hash: 8b4d20b0cb2efe6217526096f1843b08e9f6ecc6547d6b8738d4b839198a1c25
                                                        • Instruction Fuzzy Hash: 2441B0B1D00319EFDB14CF9AD984ADEBBB5BF88310F24852AE818AB250D7759945CF90

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 627 663a5ec-663f86c 630 663f872-663f877 627->630 631 663f91c-663f93c call 663a4c4 627->631 633 663f8ca-663f902 CallWindowProcW 630->633 634 663f879-663f8b0 630->634 638 663f93f-663f94c 631->638 635 663f904-663f90a 633->635 636 663f90b-663f91a 633->636 641 663f8b2-663f8b8 634->641 642 663f8b9-663f8c8 634->642 635->636 636->638 641->642 642->638
                                                        APIs
                                                        • CallWindowProcW.USER32(?,?,?,?,?), ref: 0663F8F1
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840540389.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6630000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: CallProcWindow
                                                        • String ID:
                                                        • API String ID: 2714655100-0
                                                        • Opcode ID: cecf27722b608eec81c25869a1610d90ebe2f4a1e358fc7f8f70c9f932b286a7
                                                        • Instruction ID: 5a66b176e67bde921c4af509947dff841c943766a8ab8161944729bf12857b1a
                                                        • Opcode Fuzzy Hash: cecf27722b608eec81c25869a1610d90ebe2f4a1e358fc7f8f70c9f932b286a7
                                                        • Instruction Fuzzy Hash: 38412BB4E00319DFDB54CF9AC848AAABBF5FF88314F248859D519A7361D774A841CFA0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 644 6632ab8-6632b54 DuplicateHandle 645 6632b56-6632b5c 644->645 646 6632b5d-6632b7a 644->646 645->646
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06632B47
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840540389.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6630000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: e22e193ccc0df0c410a40173bf6b352087a5f66a5217d989dcba592c7c95ca53
                                                        • Instruction ID: 560febf8eb43a1c4fa0c4d8a5f07e33a09ec4c0eb011244285dee96264492fd3
                                                        • Opcode Fuzzy Hash: e22e193ccc0df0c410a40173bf6b352087a5f66a5217d989dcba592c7c95ca53
                                                        • Instruction Fuzzy Hash: 7221E4B5D00259DFDB10CFAAD884ADEBBF4FB48310F14841AE914A7750D374A950CFA0

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 649 6632ac0-6632b54 DuplicateHandle 650 6632b56-6632b5c 649->650 651 6632b5d-6632b7a 649->651 650->651
                                                        APIs
                                                        • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06632B47
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840540389.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6630000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: DuplicateHandle
                                                        • String ID:
                                                        • API String ID: 3793708945-0
                                                        • Opcode ID: 47103ff14596d4c67eb6b9d085edce7cfaa2b898e1ba6187fbbc22e4e8f94585
                                                        • Instruction ID: c8543e9d24e4c2ec7c4cfa0ca92970230a69df0211cfd169b4d57f430e20de02
                                                        • Opcode Fuzzy Hash: 47103ff14596d4c67eb6b9d085edce7cfaa2b898e1ba6187fbbc22e4e8f94585
                                                        • Instruction Fuzzy Hash: A821E4B59002099FDB10CF9AD884ADEFBF8FB48310F14841AE914A7350D374A940CF60

                                                        Control-flow Graph

                                                        • Executed
                                                        • Not Executed
                                                        control_flow_graph 654 28eeb38-28eeb76 655 28eeb7e-28eebac GlobalMemoryStatusEx 654->655 656 28eebae-28eebb4 655->656 657 28eebb5-28eebdd 655->657 656->657
                                                        APIs
                                                        • GlobalMemoryStatusEx.KERNELBASE ref: 028EEB9F
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3832566073.00000000028E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 028E0000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_28e0000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: GlobalMemoryStatus
                                                        • String ID:
                                                        • API String ID: 1890195054-0
                                                        • Opcode ID: 8f827d5d2d7ba9047fb75101d8cfcbee7486da58a18f8ddcc80dd8e5cdbe4427
                                                        • Instruction ID: 5bdbe489c756d8189b97d3bc2291ed77bb5fec5d0ca40e49e60662ad00d102bc
                                                        • Opcode Fuzzy Hash: 8f827d5d2d7ba9047fb75101d8cfcbee7486da58a18f8ddcc80dd8e5cdbe4427
                                                        • Instruction Fuzzy Hash: 951112B5C0065A9BDB10CF9AC444BDEFBF4AF49220F14856AD818B7640D378A944CFA1
                                                        APIs
                                                        • GetModuleHandleW.KERNELBASE(00000000), ref: 0663B176
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840540389.0000000006630000.00000040.00000800.00020000.00000000.sdmp, Offset: 06630000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6630000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID: HandleModule
                                                        • String ID:
                                                        • API String ID: 4139908857-0
                                                        • Opcode ID: ea92fe90168209d970649697b4b71aca64c99bababc8e0d3d4a1daf59bf40b3b
                                                        • Instruction ID: 8fa0d636de4b5ba278f358aa45a314c794719c8a693ecf2b8d6cdd8a473119e4
                                                        • Opcode Fuzzy Hash: ea92fe90168209d970649697b4b71aca64c99bababc8e0d3d4a1daf59bf40b3b
                                                        • Instruction Fuzzy Hash: E3110FB5C002498FDB10CF9AC844BDEFBF4AB89320F10842AD428A7710D3B9A545CFA1
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e76ee109d3f608455be547f713ec90d239bd1f91ecbe72adf3fdd68846c3840e
                                                        • Instruction ID: 28eb141044712390f2cfa630bf25d393f24f8ba51693a0dd8bab2583a2ddf760
                                                        • Opcode Fuzzy Hash: e76ee109d3f608455be547f713ec90d239bd1f91ecbe72adf3fdd68846c3840e
                                                        • Instruction Fuzzy Hash: 62926734E002048FDB64EB68C594AADBBF6FF49314F6484A9E409EB351DB35ED85CB90
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: cb3db6f3cd86ddc55b040069ce9a97d2a5352d1167d07f6526cf2f6086bca6cf
                                                        • Instruction ID: b1a001faea85ace23097afbc92bc31efd2c81240f2b98e1b71d33c32c8e4c19c
                                                        • Opcode Fuzzy Hash: cb3db6f3cd86ddc55b040069ce9a97d2a5352d1167d07f6526cf2f6086bca6cf
                                                        • Instruction Fuzzy Hash: AE624C70A006098FDB55EB68D590A9EB7F2FF89300F208A68D4059F359DB71ED86CB91
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 559f57942cba3237d579c2c8e16cebcc666e643285b209ef9fd111d3c3a3cc76
                                                        • Instruction ID: a9434c6e08a06f5512f433b72f49ad64b8621f80ab4d9bc04e53ed04ab4121dd
                                                        • Opcode Fuzzy Hash: 559f57942cba3237d579c2c8e16cebcc666e643285b209ef9fd111d3c3a3cc76
                                                        • Instruction Fuzzy Hash: F7025A30E04209CFDBA4EB69D4807ADB7B2FB89310F24856AE415EB345DB75ED81CB91
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c364fedfb6b418ee6a6b5814b8d94accdb47dbb9ae7db8c508434f3d53058242
                                                        • Instruction ID: a900101deb8d8eede787101efd489605eeb23e20ac7eaff94af47b3429fd8d9d
                                                        • Opcode Fuzzy Hash: c364fedfb6b418ee6a6b5814b8d94accdb47dbb9ae7db8c508434f3d53058242
                                                        • Instruction Fuzzy Hash: 91914070F506198FDB54EB69D8607AF7BF2FF89300F508669C809AB344EB719D818B91
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3782703cf8781da5a72d66a56b54f6e20bf2e0c095f9015a1e5ea01cb15f0a78
                                                        • Instruction ID: 2026eab73101cc5c1ced18662d55bcce0b88bd83836ac171bf2dbc6bdf1c7222
                                                        • Opcode Fuzzy Hash: 3782703cf8781da5a72d66a56b54f6e20bf2e0c095f9015a1e5ea01cb15f0a78
                                                        • Instruction Fuzzy Hash: DE61B2B1F005104FDF50ABBEC89066FAAD7AFC5620B254439D80ADB360DEB6ED0287D1
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 1d48b02d9cd3b182924d0b6c734c84ff754445b23d7dd84c835ac07739082718
                                                        • Instruction ID: aa34c160620b94250eac50556c1d31dd7f01be302c4866adcad8472f6f90ae77
                                                        • Opcode Fuzzy Hash: 1d48b02d9cd3b182924d0b6c734c84ff754445b23d7dd84c835ac07739082718
                                                        • Instruction Fuzzy Hash: 7B811A70B002088FDF55EBA9D4A17AEBBF2EB89300F508529D50AEB345DF34DC468B51
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f533a51818ba13178da91fc02802cd29c921c172c149e71660ce26bd9954e2e6
                                                        • Instruction ID: eedc8c3122d24f8a1150ab4d67b135c7f6a6aa16180d065ae11d0ad632432ecf
                                                        • Opcode Fuzzy Hash: f533a51818ba13178da91fc02802cd29c921c172c149e71660ce26bd9954e2e6
                                                        • Instruction Fuzzy Hash: 46913A30E106198FDB60DF68C890B9DBBB1FF89310F208599D549AB381DB71AA85CF91
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ae4ee158bd3261aa5c9cd4e50da07c5a58303cdd0c070ca68e607c51c614fdc2
                                                        • Instruction ID: c34e868de7959c6b1954e38d6b4cd3d8f9cff04e4f7997b06d227a8c9ebc7254
                                                        • Opcode Fuzzy Hash: ae4ee158bd3261aa5c9cd4e50da07c5a58303cdd0c070ca68e607c51c614fdc2
                                                        • Instruction Fuzzy Hash: 76912934E106198BDF60DF68C880B9DB7B1FF89310F208699D549BB395DB71AA85CF90
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: ff5d72ade5b41e815cea2b9b20402f43c2dc255a1600bafeb4c83a506c4f2656
                                                        • Instruction ID: fc915e8a3d8117b7b54d3b1aab91d2340970f3f12743eb486c1572e06bb88eae
                                                        • Opcode Fuzzy Hash: ff5d72ade5b41e815cea2b9b20402f43c2dc255a1600bafeb4c83a506c4f2656
                                                        • Instruction Fuzzy Hash: 9F61E131E011089FDF54BBB8E8947AEBBB2FBC9315F10886AE506DB350DB358955CB90
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: fac6ad14b42961f0454cd44a84aee7fc82c6067bf8ad951352cd9d0672deed6e
                                                        • Instruction ID: a60ea6aee700622aac21665ced0c8fcbd9349c77a3d056540faf275462a5bf2e
                                                        • Opcode Fuzzy Hash: fac6ad14b42961f0454cd44a84aee7fc82c6067bf8ad951352cd9d0672deed6e
                                                        • Instruction Fuzzy Hash: 61713B70A002089FDB54EFA9D980A9EBBF6FF88300F248429E415EB355DB31ED46CB51
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f84e669f4db41058730fcb427fc703e8b882119c0ec5db1c3de42b5a50141b8d
                                                        • Instruction ID: 5facc8ba156102a89f9cf4838f69fcce02c1d6029f690d3fc56d7db77f5bccad
                                                        • Opcode Fuzzy Hash: f84e669f4db41058730fcb427fc703e8b882119c0ec5db1c3de42b5a50141b8d
                                                        • Instruction Fuzzy Hash: AB711970E002089FDB54EBA9D990AAEBBF6FF88310F248429D415EB355DB31ED46CB51
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 25987dc213bd6beb05bda8998094611e55689407bf0b3dad806dcc3ba73d95f1
                                                        • Instruction ID: 9e5cdf32bfad4665d843770e8a06d3f5be254ca9d971ca712936bf456b389004
                                                        • Opcode Fuzzy Hash: 25987dc213bd6beb05bda8998094611e55689407bf0b3dad806dcc3ba73d95f1
                                                        • Instruction Fuzzy Hash: 26615070F002189FEB54ABA9C8157AEBBF6FF88700F20842AD506AB395DF754D458B90
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 407a501e35f22d2737cf1d8be2f6f72e0b9d414386eff23507cc43fc57f0f0e6
                                                        • Instruction ID: 17819dd989acb89c4f7dd753e0f0037f0dc2ebcd93b89f7b882bc9e454ac1df4
                                                        • Opcode Fuzzy Hash: 407a501e35f22d2737cf1d8be2f6f72e0b9d414386eff23507cc43fc57f0f0e6
                                                        • Instruction Fuzzy Hash: 8A514170B505059FDB54EB78D860BAF7BF6FB88310F50866AD809DB348DB319C418BA1
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 13ccdbf64a46cbb9fb24df64809be6dd0ab7e8b584e38de97f214104d058278c
                                                        • Instruction ID: c08ab9ab2ca5b49579a4deb6a53b57b94445118cc184771d7275c1717348c190
                                                        • Opcode Fuzzy Hash: 13ccdbf64a46cbb9fb24df64809be6dd0ab7e8b584e38de97f214104d058278c
                                                        • Instruction Fuzzy Hash: 3951B574B502049BFF64B668D85476F37AAEBCA350F20842AE10BD73D5CA79CC4187A2
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a898b7fe59e2becdc9a3993262b19b3950e165c088b8263656fdbc47a19854aa
                                                        • Instruction ID: a256f770ce5dcd5f9ad357870cb979c1e8785298f4e6025b1231d9b7061bb75a
                                                        • Opcode Fuzzy Hash: a898b7fe59e2becdc9a3993262b19b3950e165c088b8263656fdbc47a19854aa
                                                        • Instruction Fuzzy Hash: 9451A574B502149BEF64B668D85476F37ABE7CE310F20842AE10BD73D5CA79CC4147A2
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 5bd82b7e40c065d1eac8281c71224bba7ebca93dc5934391da224c56343bb410
                                                        • Instruction ID: 56b2c13aff58d0a979602cda20e20cf2d23231ab29a8c095ca11489b4358a1ab
                                                        • Opcode Fuzzy Hash: 5bd82b7e40c065d1eac8281c71224bba7ebca93dc5934391da224c56343bb410
                                                        • Instruction Fuzzy Hash: AF518470B102089FDB559FE9C815B9EBBF6EF88700F20856AE105AB395DA749C45CB90
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 3dffad7bc14fcb9641b98a01e95eb87813b5a2e343e24b0c5b1bb001ff63b42a
                                                        • Instruction ID: e02b74e93821b3e3a46339cd03dc0b6e936de2f01b2be7ecb902f46e7059de20
                                                        • Opcode Fuzzy Hash: 3dffad7bc14fcb9641b98a01e95eb87813b5a2e343e24b0c5b1bb001ff63b42a
                                                        • Instruction Fuzzy Hash: 43415C71E006098FDB70DEA9D881ABFFBF2FB84310F10892AE156D7650D230E955CB91
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 91f0f68bddb186b7837d92d9f90065ec79b5e6a6f1b5fccbae79029c3d06a134
                                                        • Instruction ID: beca0d6c7fd046ae5ca8807fa0b027c04d6159de1a9f524cc93445579febf1a0
                                                        • Opcode Fuzzy Hash: 91f0f68bddb186b7837d92d9f90065ec79b5e6a6f1b5fccbae79029c3d06a134
                                                        • Instruction Fuzzy Hash: AE417170E003499FDB65EFA5D49479EBBB2BF8A340F204529E805EB340DB74D946CB91
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 52fbdbf31f9a0d13eaff71cbfa5359257f43baebb55aa993337416a75f1e84f2
                                                        • Instruction ID: 1dd16644d22999de73a6e461d689ff32871f4aacd6de4b09f6d8afb5517cf65b
                                                        • Opcode Fuzzy Hash: 52fbdbf31f9a0d13eaff71cbfa5359257f43baebb55aa993337416a75f1e84f2
                                                        • Instruction Fuzzy Hash: 7B31DE30B002058FDB54AB75D82476F3BA6BF89650F208529E406EB395EF35CE46CBA1
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b0bdf6b0947fdec15a5484448d060f1575790c64461fe2a4f58c40e5670cb74e
                                                        • Instruction ID: 97bb83a739527ccea20b1783eef509db8b1ef0798a45b4b268f2c74b5c2606ee
                                                        • Opcode Fuzzy Hash: b0bdf6b0947fdec15a5484448d060f1575790c64461fe2a4f58c40e5670cb74e
                                                        • Instruction Fuzzy Hash: 1831C530E103099BDF15EF65D88069EBBB6FF89304F108529E805EB341EB71E986CB91
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a73254bd730c85e77a61887d52574a788f584056fead1c15cb7f0ab8906dc316
                                                        • Instruction ID: 1b9826d75f6d79bd29ee76cae0466c9a1708908db5a5865e190357b368c76a0a
                                                        • Opcode Fuzzy Hash: a73254bd730c85e77a61887d52574a788f584056fead1c15cb7f0ab8906dc316
                                                        • Instruction Fuzzy Hash: 94317030E102099FDB59DF65D8A46AEB7F6FF89300F208529EA06E7350DB71AD46CB50
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 6738507299c3c290190a9d08ba2737b2d32bce9647a83965aacf39601fbe78d4
                                                        • Instruction ID: c8919070cba0473cd52b202a51a816396e5d38dddf99a37e21c7bf93e3960f24
                                                        • Opcode Fuzzy Hash: 6738507299c3c290190a9d08ba2737b2d32bce9647a83965aacf39601fbe78d4
                                                        • Instruction Fuzzy Hash: A6318E30E102098BCB55DF69D8A46AEB7F6FF89300F208529EA06E7350DB71AD46CB50
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 243c071d807ed8977eda1ace70b68930186b68e81070cbbee4953d061824512a
                                                        • Instruction ID: 4a2067298e50e211ef7e3490b7149fa18118fbf39efa3dcf664e54944150e63b
                                                        • Opcode Fuzzy Hash: 243c071d807ed8977eda1ace70b68930186b68e81070cbbee4953d061824512a
                                                        • Instruction Fuzzy Hash: 6C213975F046159FDB50EFAED880AAEBBF5EB48710F14812AE905EB384E731D8418B94
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f90c9a12755604e0088721f37f2d398011a08e769a5dd9b177a76cde2bbc5a4d
                                                        • Instruction ID: 7ed4a0f34a54ab0bc9e0654dde489e136c6489ca2a348ba23d2a99ee48e0cd4f
                                                        • Opcode Fuzzy Hash: f90c9a12755604e0088721f37f2d398011a08e769a5dd9b177a76cde2bbc5a4d
                                                        • Instruction Fuzzy Hash: 87214A75F446159FDB50EF7DD880AAEBBF5EB48710F108126E905EB381D735D8418B90
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3832250009.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_e2d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 299f1529bcbb3145844ed22f549bd4e7e15ce082c5498d61f8827fc13bb4caab
                                                        • Instruction ID: 01f3eaf52b2e69cc48fd2a785420a72e765a13be631fb49a165235fec3fe13b0
                                                        • Opcode Fuzzy Hash: 299f1529bcbb3145844ed22f549bd4e7e15ce082c5498d61f8827fc13bb4caab
                                                        • Instruction Fuzzy Hash: F821D071508344DFDB14DF10EDC0F26BBA6FB84318F24C569DA0A5A2A6C776D846CA62
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3832250009.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_e2d000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e2933351d86bd4043afb4e981fe1d66bd55e4a75d90f8b9b055a89dbe12d2e32
                                                        • Instruction ID: 6732f18e5387a8add420aaccb99524165477e24656229cead82b1d935691ba60
                                                        • Opcode Fuzzy Hash: e2933351d86bd4043afb4e981fe1d66bd55e4a75d90f8b9b055a89dbe12d2e32
                                                        • Instruction Fuzzy Hash: E9215E7150D3C09FC703CB24D994B11BF71AB46214F29C5DBD9898F2A7C33A985ACB62
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 7855f122864957d086cfc0297d63bea9199767ce961ccb43fc3627f7d034b57e
                                                        • Instruction ID: 63e507936a938de5d45c8fd6b53f2116fca420fb873a810a8f587534a9145ff9
                                                        • Opcode Fuzzy Hash: 7855f122864957d086cfc0297d63bea9199767ce961ccb43fc3627f7d034b57e
                                                        • Instruction Fuzzy Hash: 44118E31B141284FDB54A67DC8206AF77AAEBC8350F00853AC906E7380EF75DC028BA0
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 4a28407b6e318695ff8767a02091602c17d9d99310698bfeae789fb491b493e5
                                                        • Instruction ID: 08321a88a6d59858b9587c79e63ac7dfe9e9a75cb3bc0503af5f3893637e85eb
                                                        • Opcode Fuzzy Hash: 4a28407b6e318695ff8767a02091602c17d9d99310698bfeae789fb491b493e5
                                                        • Instruction Fuzzy Hash: 2101D835B042545FDB61E67CE851B7F7BDAEBCA320F10842AF109C7341D966DC4283A2
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a9530eb1d22f4aa58bb535724584f74191c39c53f7127775660b11d77435ba53
                                                        • Instruction ID: 8f12cf97dd425070f64f63ae71224c430712a9a595e21399ba49bc1bf80b6e24
                                                        • Opcode Fuzzy Hash: a9530eb1d22f4aa58bb535724584f74191c39c53f7127775660b11d77435ba53
                                                        • Instruction Fuzzy Hash: 6C11B531B042500FDB61D6BDD855B2FBBDBEBCA310F18886AE50ADB385DD15DC0143A1
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: c8b2ab0e5d830af908ddfefc278c3b5a9d57b352dc5c173e971adea10fe15fdf
                                                        • Instruction ID: 11e3074084ba12488201dcf34c9fbff482d763e17184d216bb8d8b2857e7036b
                                                        • Opcode Fuzzy Hash: c8b2ab0e5d830af908ddfefc278c3b5a9d57b352dc5c173e971adea10fe15fdf
                                                        • Instruction Fuzzy Hash: FA0128307046142FDB62E6BCE850B5F7BD9EB8F350F10842AE10ACB395E911DD018391
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: e19571217f71e8ea672f2bef035973bdb298892e1e3832c82b157134156c9d3c
                                                        • Instruction ID: de17df068e45a5941f6dd8ad17eac1b11f69c0203fbb85fa950429a563b25437
                                                        • Opcode Fuzzy Hash: e19571217f71e8ea672f2bef035973bdb298892e1e3832c82b157134156c9d3c
                                                        • Instruction Fuzzy Hash: 722124B1D01219AFCB10DF9AD884ACEFBB4FB09310F10852AE918B7340D374A940CFA4
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: b8a33e99c60313d4dbe3f4556828cf13782b490fe70d5017c3bd3aaabf33786f
                                                        • Instruction ID: 754212a2825064868aba1ca67e66ef2b1273304ad7e34fbc072581b368e1da7a
                                                        • Opcode Fuzzy Hash: b8a33e99c60313d4dbe3f4556828cf13782b490fe70d5017c3bd3aaabf33786f
                                                        • Instruction Fuzzy Hash: BB017172B141285FDB64A66ED8606EF7BAAEBC4360F00413AD509E7380EE659C0247E1
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: f2988402e35dbe257dc4d5d94c61e02761967d8a8e20ecf4fdb9e28d8f6474b4
                                                        • Instruction ID: e63239ddab7ebfbdb91b866033671fa208568c94e41d72d9278ed6297d73d054
                                                        • Opcode Fuzzy Hash: f2988402e35dbe257dc4d5d94c61e02761967d8a8e20ecf4fdb9e28d8f6474b4
                                                        • Instruction Fuzzy Hash: A411D0B5D01259AFCB00DF9AD884ACEFBB4FB49310F10812AE918B7340D374A954CFA5
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: db8c253a8a7fb4565a5de21d00ed290938550869db9ae7d778c4c18059000091
                                                        • Instruction ID: d78cf8904299f57f08510c9bde728be06b0f8ce8050f62fbdd56224552cf356f
                                                        • Opcode Fuzzy Hash: db8c253a8a7fb4565a5de21d00ed290938550869db9ae7d778c4c18059000091
                                                        • Instruction Fuzzy Hash: 3A018131B001140BDB64A5BDD455B2FB7DBEBCD720F208839E10AD7784DD61DC424391
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 74f09d2add453fd29c529a2f52eebc2cda7463173ace43cc355c4919f6e9c9b5
                                                        • Instruction ID: faaa621b6a60f438baf60a444c79d9881ffa38e642b68740bda4113555bc3ac5
                                                        • Opcode Fuzzy Hash: 74f09d2add453fd29c529a2f52eebc2cda7463173ace43cc355c4919f6e9c9b5
                                                        • Instruction Fuzzy Hash: 65018C31B001154BDB64E67DE450B3FA7DAEBCD720F108839E20AC7384EA66DC024792
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: a9695e5e86db90fbffe5ebb865e9b210fd526b65617ef8cc0d862e30561a23a4
                                                        • Instruction ID: 50a574cd39938d1974e77c2b85babd0aa365364a1a0cbd9c5aa528c20e32b59f
                                                        • Opcode Fuzzy Hash: a9695e5e86db90fbffe5ebb865e9b210fd526b65617ef8cc0d862e30561a23a4
                                                        • Instruction Fuzzy Hash: A701AF31B105146BDBA1EABCE450B2E73DAEB8E750F508829E50ACB358EE21ED018391
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 18f9448334a605f8a40cbc44c96ec4e66a00c3c9c21a264c60da3734fbbb1405
                                                        • Instruction ID: c0b6f35a50219867e96c014c1c6d315047061ad743f51dc3bbcbc874c7b3cce4
                                                        • Opcode Fuzzy Hash: 18f9448334a605f8a40cbc44c96ec4e66a00c3c9c21a264c60da3734fbbb1405
                                                        • Instruction Fuzzy Hash: 9AF0CD31B08205CFEFA6ABE8E9807AD77A9EB84310F14406ED805DB345C732EE52C791
                                                        Memory Dump Source
                                                        • Source File: 00000004.00000002.3840603515.0000000006640000.00000040.00000800.00020000.00000000.sdmp, Offset: 06640000, based on PE: false
                                                        Joe Sandbox IDA Plugin
                                                        • Snapshot File: hcaresult_4_2_6640000_KASHI SHIP PARTICULARS.jbxd
                                                        Similarity
                                                        • API ID:
                                                        • String ID:
                                                        • API String ID:
                                                        • Opcode ID: 64490a0e532166ce989bee62b577ec857e09eb57f07c6dfa4e4a0a538ffa02f9
                                                        • Instruction ID: c5ab6a01f199d996e0e43b83df39268167d9912e9436ee9fbe04b92a5ab69aa5
                                                        • Opcode Fuzzy Hash: 64490a0e532166ce989bee62b577ec857e09eb57f07c6dfa4e4a0a538ffa02f9
                                                        • Instruction Fuzzy Hash: 49E068B0E1538C6FDF00EEB0CE5068ABB6DCB03208F10C8E5D405CB242E032CE008780