Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
e-dekont_html.scr.exe

Overview

General Information

Sample name:e-dekont_html.scr.exe
Analysis ID:1426827
MD5:abc774f48c2e514bde4ba275a4314b4a
SHA1:141d5d859afb0340302bd4ee2ca2be9493f39804
SHA256:fad3e7058eb2fa88ce97e62a6a243748d6736f9c4e21e4112ed61a40813588b2
Tags:exe
Infos:

Detection

AgentTesla
Score:100
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Detected unpacking (changes PE section rights)
Detected unpacking (overwrites its own PE header)
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Sigma detected: Scheduled temp file as task from temp location
Yara detected AgentTesla
Yara detected AntiVM3
.NET source code contains potential unpacker
.NET source code contains very large array initializations
Adds a directory exclusion to Windows Defender
Contains functionality to log keystrokes (.Net Source)
Injects a PE file into a foreign processes
Loading BitLocker PowerShell Module
Machine Learning detection for dropped file
Machine Learning detection for sample
Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
Tries to harvest and steal browser information (history, passwords, etc)
Tries to steal Mail credentials (via file / registry access)
Uses schtasks.exe or at.exe to add and modify task schedules
Allocates memory with a write watch (potentially for evading sandboxes)
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found inlined nop instructions (likely shell or obfuscated code)
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
PE / OLE file has an invalid certificate
Queries sensitive BIOS Information (via WMI, Win32_Bios & Win32_BaseBoard, often done to detect virtual machines)
Queries sensitive processor information (via WMI, Win32_Processor, often done to detect virtual machines)
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: Powershell Defender Exclusion
Sigma detected: Suspicious Add Scheduled Task Parent
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Suspicious Schtasks From Env Var Folder
Uses 32bit PE files
Uses SMTP (mail sending)
Uses code obfuscation techniques (call, push, ret)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • e-dekont_html.scr.exe (PID: 7380 cmdline: "C:\Users\user\Desktop\e-dekont_html.scr.exe" MD5: ABC774F48C2E514BDE4BA275A4314B4A)
    • powershell.exe (PID: 7652 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7660 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • powershell.exe (PID: 7716 cmdline: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe" MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
      • conhost.exe (PID: 7748 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WmiPrvSE.exe (PID: 8084 cmdline: C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding MD5: 60FF40CFD7FB8FE41EE4FE9AE5FE1C51)
    • schtasks.exe (PID: 7764 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 7804 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • e-dekont_html.scr.exe (PID: 7916 cmdline: "C:\Users\user\Desktop\e-dekont_html.scr.exe" MD5: ABC774F48C2E514BDE4BA275A4314B4A)
  • ZRbgEuSJYOgOl.exe (PID: 8016 cmdline: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe MD5: ABC774F48C2E514BDE4BA275A4314B4A)
    • schtasks.exe (PID: 7208 cmdline: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpD022.tmp" MD5: 48C2FE20575769DE916F48EF0676A965)
      • conhost.exe (PID: 5180 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
    • ZRbgEuSJYOgOl.exe (PID: 1532 cmdline: "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe" MD5: ABC774F48C2E514BDE4BA275A4314B4A)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
Agent Tesla, AgentTeslaA .NET based information stealer readily available to actors due to leaked builders. The malware is able to log keystrokes, can access the host's clipboard and crawls the disk for credentials or other valuable information. It has the capability to send information back to its C&C via HTTP(S), SMTP, FTP, or towards a Telegram channel.
  • SWEED
https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla

Malware Configuration

Threatname: Agenttesla

{"Exfil Mode": "SMTP", "Port": "587", "Host": "cp8nl.hyperhost.ua", "Username": "royallog@fibraunollc.top", "Password": " 7213575aceACE@#$  "}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
00000009.00000002.2608572120.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
    00000009.00000002.2608572120.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
      00000001.00000002.1461386146.00000000064E2000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
        00000001.00000002.1461386146.00000000064E2000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
          0000000A.00000002.1552727538.000000000458B000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
            Click to see the 17 entries

            Unpacked PEs

            SourceRuleDescriptionAuthorStrings
            1.2.e-dekont_html.scr.exe.651d4a0.20.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
              1.2.e-dekont_html.scr.exe.651d4a0.20.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                1.2.e-dekont_html.scr.exe.651d4a0.20.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                • 0x316e7:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                • 0x31759:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                • 0x317e3:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                • 0x31875:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                • 0x318df:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                • 0x31951:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                • 0x319e7:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                • 0x31a77:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                  10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.unpackJoeSecurity_AgentTesla_1Yara detected AgentTeslaJoe Security
                    Click to see the 19 entries

                    Sigma Signatures

                    System Summary

                    barindex
                    Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\e-dekont_html.scr.exe", ParentImage: C:\Users\user\Desktop\e-dekont_html.scr.exe, ParentProcessId: 7380, ParentProcessName: e-dekont_html.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe", ProcessId: 7652, ProcessName: powershell.exe
                    Sigma detected: Powershell Defender Exclusion
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\e-dekont_html.scr.exe", ParentImage: C:\Users\user\Desktop\e-dekont_html.scr.exe, ParentProcessId: 7380, ParentProcessName: e-dekont_html.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe", ProcessId: 7652, ProcessName: powershell.exe
                    Sigma detected: Suspicious Add Scheduled Task Parent
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpD022.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpD022.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe, ParentImage: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe, ParentProcessId: 8016, ParentProcessName: ZRbgEuSJYOgOl.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpD022.tmp", ProcessId: 7208, ProcessName: schtasks.exe
                    Sigma detected: Suspicious Outbound SMTP Connections
                    Source: Network ConnectionAuthor: frack113: Data: DestinationIp: 185.174.175.187, DestinationIsIpv6: false, DestinationPort: 587, EventID: 3, Image: C:\Users\user\Desktop\e-dekont_html.scr.exe, Initiated: true, ProcessId: 7916, Protocol: tcp, SourceIp: 192.168.2.8, SourceIsIpv6: false, SourcePort: 49712
                    Sigma detected: Suspicious Schtasks From Env Var Folder
                    Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\e-dekont_html.scr.exe", ParentImage: C:\Users\user\Desktop\e-dekont_html.scr.exe, ParentProcessId: 7380, ParentProcessName: e-dekont_html.scr.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp", ProcessId: 7764, ProcessName: schtasks.exe
                    Sigma detected: Non Interactive PowerShell Process Spawned
                    Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe", CommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe", CommandLine|base64offset|contains: ~2yzw, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Users\user\Desktop\e-dekont_html.scr.exe", ParentImage: C:\Users\user\Desktop\e-dekont_html.scr.exe, ParentProcessId: 7380, ParentProcessName: e-dekont_html.scr.exe, ProcessCommandLine: "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe", ProcessId: 7652, ProcessName: powershell.exe

                    Persistence and Installation Behavior

                    barindex
                    Sigma detected: Scheduled temp file as task from temp location
                    Source: Process startedAuthor: Joe Security: Data: Command: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp", CommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp", CommandLine|base64offset|contains: *j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: "C:\Users\user\Desktop\e-dekont_html.scr.exe", ParentImage: C:\Users\user\Desktop\e-dekont_html.scr.exe, ParentProcessId: 7380, ParentProcessName: e-dekont_html.scr.exe, ProcessCommandLine: "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp", ProcessId: 7764, ProcessName: schtasks.exe

                    Snort Signatures

                    No Snort rule has matched

                    Joe Sandbox Signatures

                    Click to jump to signature section

                    Show All Signature Results

                    AV Detection

                    barindex
                    Found malware configuration
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpackMalware Configuration Extractor: Agenttesla {"Exfil Mode": "SMTP", "Port": "587", "Host": "cp8nl.hyperhost.ua", "Username": "royallog@fibraunollc.top", "Password": " 7213575aceACE@#$ "}
                    Multi AV Scanner detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeReversingLabs: Detection: 31%
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeVirustotal: Detection: 37%Perma Link
                    Multi AV Scanner detection for submitted file
                    Source: e-dekont_html.scr.exeReversingLabs: Detection: 31%
                    Source: e-dekont_html.scr.exeVirustotal: Detection: 37%Perma Link
                    Machine Learning detection for dropped file
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeJoe Sandbox ML: detected
                    Machine Learning detection for sample
                    Source: e-dekont_html.scr.exeJoe Sandbox ML: detected

                    Compliance

                    barindex
                    Detected unpacking (overwrites its own PE header)
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeUnpacked PE file: 1.2.e-dekont_html.scr.exe.6b0000.0.unpack
                    Source: e-dekont_html.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: e-dekont_html.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 4x nop then jmp 029CE7EFh1_2_029CE27B
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 4x nop then jmp 029CE7EFh1_2_029CE1B7
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 4x nop then jmp 029CE7EFh1_2_029CDE28
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 4x nop then jmp 029CE7EFh1_2_029CDF11
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 4x nop then jmp 0273DA47h10_2_0273D080
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 4x nop then jmp 0273DA47h10_2_0273D169
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 4x nop then jmp 0273DA47h10_2_0273D4D3
                    Source: global trafficTCP traffic: 192.168.2.8:49712 -> 185.174.175.187:587
                    Source: Joe Sandbox ViewIP Address: 185.174.175.187 185.174.175.187
                    Source: global trafficTCP traffic: 192.168.2.8:49712 -> 185.174.175.187:587
                    Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
                    Source: unknownDNS traffic detected: queries for: cp8nl.hyperhost.ua
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2612262125.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2612303414.0000000003186000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cp8nl.hyperhost.ua
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2612262125.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AC2000.00000004.00000020.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2612303414.0000000003186000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2608999212.000000000132B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl04
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AEA000.00000004.00000020.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2608999212.000000000132B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.comodoca.com/AAACertificateServices.crl06
                    Source: e-dekont_html.scr.exe, ZRbgEuSJYOgOl.exe.1.drString found in binary or memory: http://crl.comodoca.com/COMODORSACertificationAuthority.crl0q
                    Source: e-dekont_html.scr.exe, ZRbgEuSJYOgOl.exe.1.drString found in binary or memory: http://crl.comodoca.com/COMODORSACodeSigningCA.crl0t
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/7
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2612262125.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AC2000.00000004.00000020.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2612303414.0000000003186000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2608999212.000000000132B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#
                    Source: e-dekont_html.scr.exe, ZRbgEuSJYOgOl.exe.1.drString found in binary or memory: http://ocsp.comodoca.com0
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AEA000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.co=
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2612262125.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AC2000.00000004.00000020.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2612303414.0000000003186000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2608999212.000000000132B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.sectigo.com0
                    Source: e-dekont_html.scr.exe, 00000001.00000002.1455141178.0000000002C55000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000A.00000002.1550186245.00000000027B1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                    Source: e-dekont_html.scr.exe, 00000001.00000002.1461386146.00000000064E2000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.scr.exe, 00000009.00000002.2608572120.0000000000402000.00000040.00000400.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000A.00000002.1552727538.000000000458B000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://account.dyn.com/
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2612262125.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AC2000.00000004.00000020.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2612303414.0000000003186000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2608999212.000000000132B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sectigo.com/CPS0
                    Source: e-dekont_html.scr.exe, ZRbgEuSJYOgOl.exe.1.drString found in binary or memory: https://www.chiark.greenend.org.uk/~sgtatham/putty/0

                    Key, Mouse, Clipboard, Microphone and Screen Capturing

                    barindex
                    Contains functionality to log keystrokes (.Net Source)
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, hxAF.cs.Net Code: gcE
                    Source: 1.2.e-dekont_html.scr.exe.651d4a0.20.raw.unpack, hxAF.cs.Net Code: gcE

                    System Summary

                    barindex
                    Malicious sample detected (through community Yara rule)
                    Source: 1.2.e-dekont_html.scr.exe.651d4a0.20.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 10.2.ZRbgEuSJYOgOl.exe.458b4a8.14.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 1.2.e-dekont_html.scr.exe.651d4a0.20.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    Source: 10.2.ZRbgEuSJYOgOl.exe.458b4a8.14.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                    .NET source code contains very large array initializations
                    Source: 1.2.e-dekont_html.scr.exe.2bb24e0.5.raw.unpack, SQL.csLarge array initialization: : array initializer size 13797
                    Source: 1.2.e-dekont_html.scr.exe.2940000.1.raw.unpack, SQL.csLarge array initialization: : array initializer size 13797
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD40391_2_00FD4039
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD47101_2_00FD4710
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD4CF41_2_00FD4CF4
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD5EB81_2_00FD5EB8
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD40FE1_2_00FD40FE
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD40CF1_2_00FD40CF
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD418A1_2_00FD418A
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD41561_2_00FD4156
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD42B91_2_00FD42B9
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD73901_2_00FD7390
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD73801_2_00FD7380
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD47001_2_00FD4700
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD68201_2_00FD6820
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD68101_2_00FD6810
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD5DD91_2_00FD5DD9
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_029C97981_2_029C9798
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_029C97A81_2_029C97A8
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_029C87301_2_029C8730
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_029CF5601_2_029CF560
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_029C6A9F1_2_029C6A9F
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_029CDBC11_2_029CDBC1
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_029C8B581_2_029C8B58
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_029C8B681_2_029C8B68
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_029C6F281_2_029C6F28
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_029CAC481_2_029CAC48
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096A11381_2_096A1138
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096A53D81_2_096A53D8
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096BF9901_2_096BF990
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096BA0B71_2_096BA0B7
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096B7A001_2_096B7A00
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096BB2E01_2_096BB2E0
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096B79F11_2_096B79F1
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096B45BD1_2_096B45BD
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_09B0F0901_2_09B0F090
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_09B03C101_2_09B03C10
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_0B2B9CF01_2_0B2B9CF0
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_0B2B24201_2_0B2B2420
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_0B2BE4981_2_0B2BE498
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_0B2B42801_2_0B2B4280
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_0B2BE6411_2_0B2BE641
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_0B2E19281_2_0B2E1928
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_015E4A989_2_015E4A98
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_015ECE8E9_2_015ECE8E
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_015E3E809_2_015E3E80
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_015E41C89_2_015E41C8
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_065D2EF89_2_065D2EF8
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_065D56E89_2_065D56E8
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_065D3F589_2_065D3F58
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_065DDCCD9_2_065DDCCD
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_065DBD109_2_065DBD10
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_065D8B9B9_2_065D8B9B
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_065D00409_2_065D0040
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_065D36539_2_065D3653
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 9_2_065D50089_2_065D5008
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4403910_2_00A44039
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4471010_2_00A44710
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A44CF410_2_00A44CF4
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45EB810_2_00A45EB8
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A440FE10_2_00A440FE
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A440CF10_2_00A440CF
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4418A10_2_00A4418A
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4415610_2_00A44156
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A442B910_2_00A442B9
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4738F10_2_00A4738F
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4739010_2_00A47390
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4470010_2_00A44700
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4682010_2_00A46820
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4681F10_2_00A4681F
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45DD910_2_00A45DD9
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0273873010_2_02738730
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0273E7C010_2_0273E7C0
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0273E7B110_2_0273E7B1
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_027397A110_2_027397A1
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_027397A810_2_027397A8
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_02736AF110_2_02736AF1
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_02738B6810_2_02738B68
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_02738B5810_2_02738B58
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_02736F2810_2_02736F28
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0273AC4810_2_0273AC48
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_04CC67D810_2_04CC67D8
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_04CC67D310_2_04CC67D3
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_04CCD13810_2_04CCD138
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_04CCD13310_2_04CCD133
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_04CC486410_2_04CC4864
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_07C6B57810_2_07C6B578
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_07C6B56B10_2_07C6B56B
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_08DD113810_2_08DD1138
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_08DD53D810_2_08DD53D8
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_08DD53C710_2_08DD53C7
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_08DE503810_2_08DE5038
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_08DE49F810_2_08DE49F8
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_08DE4A0010_2_08DE4A00
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_08DE458F10_2_08DE458F
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_08DE45A010_2_08DE45A0
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0923F09010_2_0923F090
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0923DCC810_2_0923DCC8
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_09233C1010_2_09233C10
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0AA5A38810_2_0AA5A388
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0AA5E49810_2_0AA5E498
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0AA5242010_2_0AA52420
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0AA5427010_2_0AA54270
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_0AA5E64110_2_0AA5E641
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_02FE4A9814_2_02FE4A98
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_02FE9B2814_2_02FE9B28
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_02FE3E8014_2_02FE3E80
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_02FECDA814_2_02FECDA8
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_02FE41C814_2_02FE41C8
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_066856E814_2_066856E8
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_06682EF814_2_06682EF8
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_06683F5814_2_06683F58
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_0668DD1814_2_0668DD18
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_06688B9B14_2_06688B9B
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_0668004014_2_06680040
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_0668366814_2_06683668
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_0668500814_2_06685008
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_06EBB30814_2_06EBB308
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_06EBB30714_2_06EBB307
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 14_2_06EB985814_2_06EB9858
                    Source: e-dekont_html.scr.exeStatic PE information: invalid certificate
                    Source: e-dekont_html.scr.exe, 00000001.00000002.1455141178.0000000002B01000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exe, 00000001.00000002.1461386146.00000000064E2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamec25e7689-8eb9-43a0-830e-91b697d7907d.exe4 vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exe, 00000001.00000002.1466279913.000000000B590000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exe, 00000001.00000002.1455141178.0000000002C55000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenamec25e7689-8eb9-43a0-830e-91b697d7907d.exe4 vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exe, 00000001.00000002.1454886468.0000000002940000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameSimpleLogin.dll8 vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exe, 00000001.00000000.1356411107.00000000006B2000.00000002.00000001.01000000.00000003.sdmpBinary or memory string: OriginalFilenameLBwG.exe: vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exe, 00000001.00000002.1453634826.0000000000D8E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exe, 00000001.00000002.1464380345.000000000B252000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameLBwG.exe: vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exe, 00000001.00000002.1457375395.00000000047F5000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameTyrone.dll8 vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2608572120.0000000000402000.00000040.00000400.00020000.00000000.sdmpBinary or memory string: OriginalFilenamec25e7689-8eb9-43a0-830e-91b697d7907d.exe4 vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2608839721.0000000001159000.00000004.00000010.00020000.00000000.sdmpBinary or memory string: OriginalFilenameUNKNOWN_FILET vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exeBinary or memory string: OriginalFilenameLBwG.exe: vs e-dekont_html.scr.exe
                    Source: e-dekont_html.scr.exeStatic PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE
                    Source: 1.2.e-dekont_html.scr.exe.651d4a0.20.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.ZRbgEuSJYOgOl.exe.458b4a8.14.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 1.2.e-dekont_html.scr.exe.651d4a0.20.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: 10.2.ZRbgEuSJYOgOl.exe.458b4a8.14.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                    Source: e-dekont_html.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: ZRbgEuSJYOgOl.exe.1.drStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, N43UVggPg.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, N43UVggPg.csCryptographic APIs: 'TransformFinalBlock', 'CreateDecryptor'
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, Ow96S4wT.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, Ow96S4wT.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, Ow96S4wT.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, Ow96S4wT.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, MjzNdC.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, MjzNdC.csCryptographic APIs: 'TransformFinalBlock'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, FbuB85sRXgHQukwMDs.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, FbuB85sRXgHQukwMDs.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, FbuB85sRXgHQukwMDs.csSecurity API names: _0020.AddAccessRule
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, FbuB85sRXgHQukwMDs.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, FbuB85sRXgHQukwMDs.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, FbuB85sRXgHQukwMDs.csSecurity API names: _0020.AddAccessRule
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, RJD2yDAA3mME3n9aB8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, RJD2yDAA3mME3n9aB8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, RJD2yDAA3mME3n9aB8.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, FbuB85sRXgHQukwMDs.csSecurity API names: System.IO.DirectoryInfo.SetAccessControl(System.Security.AccessControl.DirectorySecurity)
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, FbuB85sRXgHQukwMDs.csSecurity API names: System.Security.Principal.WindowsIdentity.GetCurrent()
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, FbuB85sRXgHQukwMDs.csSecurity API names: _0020.AddAccessRule
                    Source: classification engineClassification label: mal100.troj.spyw.evad.winEXE@19/15@1/1
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeFile created: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMutant created: NULL
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMutant created: \Sessions\1\BaseNamedObjects\HPDeNUPQPJYlUpFApIqGxGZiQ
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5180:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7804:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7748:120:WilError_03
                    Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7660:120:WilError_03
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeFile created: C:\Users\user\AppData\Local\Temp\tmpA98F.tmpJump to behavior
                    Source: e-dekont_html.scr.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                    Source: e-dekont_html.scr.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                    Source: e-dekont_html.scr.exeReversingLabs: Detection: 31%
                    Source: e-dekont_html.scr.exeVirustotal: Detection: 37%
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeFile read: C:\Users\user\Desktop\e-dekont_html.scr.exe:Zone.IdentifierJump to behavior
                    Source: unknownProcess created: C:\Users\user\Desktop\e-dekont_html.scr.exe "C:\Users\user\Desktop\e-dekont_html.scr.exe"
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe"
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Users\user\Desktop\e-dekont_html.scr.exe "C:\Users\user\Desktop\e-dekont_html.scr.exe"
                    Source: unknownProcess created: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess created: C:\Windows\System32\wbem\WmiPrvSE.exe C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpD022.tmp"
                    Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess created: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe"
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Users\user\Desktop\e-dekont_html.scr.exe "C:\Users\user\Desktop\e-dekont_html.scr.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpD022.tmp"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess created: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: ntmarta.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dllJump to behavior
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: wbemcomn.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: vaultcli.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: iphlpapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: dnsapi.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: dhcpcsvc6.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: dhcpcsvc.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: winnsi.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: mswsock.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: rasadhlp.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: fwpuclnt.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: secur32.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: schannel.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: mskeyprotect.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: ntasn1.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: ncrypt.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: ncryptsslp.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: mscoree.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: apphelp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: kernel.appcore.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: version.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: uxtheme.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: windows.storage.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: wldp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: profapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: cryptsp.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: rsaenh.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: cryptbase.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: dwrite.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: textshaping.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: windowscodecs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: amsi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: userenv.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: msasn1.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: gpapi.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: urlmon.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: iertutil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: srvcli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: netutils.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: sspicli.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: propsys.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: edputil.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: wintypes.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: appresolver.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: bcp47langs.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: slc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: sppc.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: fastprox.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: ncobjapi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wbemcomn.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mpclient.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: userenv.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: version.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: msasn1.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: wmitomi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: mi.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: miutils.dll
                    Source: C:\Windows\System32\wbem\WmiPrvSE.exeSection loaded: gpapi.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                    Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: mscoree.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: kernel.appcore.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: version.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: vcruntime140_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: ucrtbase_clr0400.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: uxtheme.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: windows.storage.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: wldp.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: profapi.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: cryptsp.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: rsaenh.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: cryptbase.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: wbemcomn.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: amsi.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: userenv.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: sspicli.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: vaultcli.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: wintypes.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: iphlpapi.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: dnsapi.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: dhcpcsvc6.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: dhcpcsvc.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: winnsi.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: mswsock.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: rasadhlp.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: fwpuclnt.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: secur32.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: schannel.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: mskeyprotect.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: ntasn1.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: ncrypt.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: ncryptsslp.dll
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeSection loaded: msasn1.dll
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                    Source: Window RecorderWindow detected: More than 3 window changes detected
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Office\11.0\Outlook\ProfilesJump to behavior
                    Source: e-dekont_html.scr.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                    Source: e-dekont_html.scr.exeStatic file information: File size 1053704 > 1048576
                    Source: e-dekont_html.scr.exeStatic PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

                    Data Obfuscation

                    barindex
                    Detected unpacking (changes PE section rights)
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeUnpacked PE file: 1.2.e-dekont_html.scr.exe.6b0000.0.unpack .text:ER;.rsrc:R;.reloc:R; vs Unknown_Section0:ER;Unknown_Section1:R;Unknown_Section2:R;
                    Detected unpacking (overwrites its own PE header)
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeUnpacked PE file: 1.2.e-dekont_html.scr.exe.6b0000.0.unpack
                    .NET source code contains potential unpacker
                    Source: 1.2.e-dekont_html.scr.exe.2bb24e0.5.raw.unpack, SQL.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, FbuB85sRXgHQukwMDs.cs.Net Code: BlDiTS8iJn System.Reflection.Assembly.Load(byte[])
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, FbuB85sRXgHQukwMDs.cs.Net Code: BlDiTS8iJn System.Reflection.Assembly.Load(byte[])
                    Source: 1.2.e-dekont_html.scr.exe.2940000.1.raw.unpack, SQL.cs.Net Code: System.Reflection.Assembly.Load(byte[])
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, FbuB85sRXgHQukwMDs.cs.Net Code: BlDiTS8iJn System.Reflection.Assembly.Load(byte[])
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_00FD5809 push ebp; iretd 1_2_00FD5814
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096ACF79 push esi; retf 1_2_096ACF7A
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096AB1B0 push ebp; retf 1_2_096AB1B7
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096AB277 push 00000009h; iretd 1_2_096AB400
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096AB473 push 00000009h; iretd 1_2_096AB400
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_096AB402 push 00000009h; iretd 1_2_096AB400
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_09AF1E89 push ebx; retf 1_2_09AF1E8A
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_09AF2EE5 push esp; retf 1_2_09AF2EE7
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_0B2D211D pushfd ; iretd 1_2_0B2D211E
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeCode function: 1_2_0B2D47EE push ss; ret 1_2_0B2D47EF
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A47009 push ecx; ret 10_2_00A47016
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A462F0 push edx; ret 10_2_00A462FE
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45208 push ecx; ret 10_2_00A45216
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A47380 push esp; ret 10_2_00A4738E
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A465B8 push ebp; ret 10_2_00A465C6
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A46560 push ebp; ret 10_2_00A46567
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A47610 push esp; ret 10_2_00A4761E
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A46720 push eax; ret 10_2_00A4672E
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4574A push edx; ret 10_2_00A4574C
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A458B0 push edx; ret 10_2_00A458B2
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A4583C push edi; ret 10_2_00A4583D
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45809 push ebp; iretd 10_2_00A45814
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45937 push edi; ret 10_2_00A45938
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45AD1 push edx; ret 10_2_00A45AD3
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45ADD push edx; ret 10_2_00A45ADF
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45B01 push ecx; ret 10_2_00A45B03
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45B42 push eax; ret 10_2_00A45B43
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45CA0 push ecx; ret 10_2_00A45CA2
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A45C92 push edx; ret 10_2_00A45C94
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A46CC8 push 4F340279h; ret 10_2_00A46DDE
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeCode function: 10_2_00A46DD0 push 4F340279h; ret 10_2_00A46DDE
                    Source: e-dekont_html.scr.exeStatic PE information: section name: .text entropy: 7.604412881501509
                    Source: ZRbgEuSJYOgOl.exe.1.drStatic PE information: section name: .text entropy: 7.604412881501509
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, BnQrcqiscApvrapbDw.csHigh entropy of concatenated method names: 'YUyBoo8tKW', 'vepBt43Ssn', 'ePiBeT8Yxb', 'KACBVgbJtX', 'PZhBOvrAWj', 'RksBmB0uZp', 'y5NBgNIowE', 'oUlB74mZ4E', 'PwJBXQsUnj', 'QrEBqaju1M'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, Eb7IhLjibfvCytpKqj.csHigh entropy of concatenated method names: 'JMKa81L83W', 'Dbvak9hc7a', 'WgqaFBvBgC', 'FMnaOakhg7', 'sHjagcQQoq', 'UKZa7b3Uiu', 'PdpaqfBQV1', 'mpcaj0uLs9', 'gWvaowBRfK', 'MbAaJE9X9h'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, DCHyiIOxDrHR7VSveM.csHigh entropy of concatenated method names: 'BNDLESXONU', 'PceLbxp4Pf', 'UORLTKoBJf', 'g3BL6qfEqa', 'kScLW476HM', 'DOKLUO9MAW', 'BypL1iEsXX', 'XKGL8Is1Ky', 'hPPLk77lIm', 'ChqLQS7syS'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, xBY3PDf6vJKGLwNm7f.csHigh entropy of concatenated method names: 't3ofpAuFfT', 'YxsfCNdPVh', 'OKufiLHcdm', 'LGWfMNN43r', 'uyQfnggVuP', 'mgPf2jNr6V', 'mQdfIWVWHm', 'ukAYNZmJgs', 'Wa7YK4bFVT', 'x3dYdE0ABI'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, PAX83uVRoxbuu33iX2.csHigh entropy of concatenated method names: 'H2my6UinGS', 'yTJyU9yh1q', 'vNIy86SV27', 'LKRykfSWsM', 'MhCyBYADqi', 'vjsyDD36U5', 'NBOyhk6G33', 'SFEyYyusCX', 'WqlyfG7Sc6', 'Rk6yH3UXZK'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, MX5baKcQduoLnQSywj2.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vClHenUyGC', 'KdLHVVtiwo', 'K8aHxRkgAo', 'TaHH0a4OQL', 'dXyH32Cbv9', 'kwRHAFYBYM', 'pkcHNsDGGr'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, In7BZMgDRbJ4pDwyHe.csHigh entropy of concatenated method names: 'z642WPaFfk', 'wC721spJRE', 'uwcymcn0uO', 'jILygxnXRc', 'Vb5y7mTJNr', 'FOiyXTTL4y', 'Bojyqd7vUK', 'bs4yjdqAV3', 'JG7yPwFuCi', 'EIpyov6NJG'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, hUKFKiDa9vnGoj4IHO.csHigh entropy of concatenated method names: 'L7WpL2Sjkg', 'Vt6pcxLSTR', 'A7npv5wXu2', 'PQTpwXKO5S', 'H9SpBPEwln', 'qQApDwANAD', 'nTVUA4XV7vdQ4JYNam', 'F7lhIDklslo9w4ydvN', 'MRCpp3AII7', 'SGjpCx8mDc'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, lAKyrUYDFF0BNXKK8u.csHigh entropy of concatenated method names: 'fHsIZwds5C', 'hoiIncXLYy', 'XmLI2NTyNA', 'Uj0IL7xqsk', 'jskIcWymSE', 'xF123WpVM3', 'UIP2ALJFkm', 'W0f2N40aIC', 'f3u2KJb0y8', 'vR22dtxQFC'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, rO5HpeSsG7mJALEoTd.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'ntg5d1hw9Y', 'fIT5rdnW5m', 'bBs5zhoMqE', 'VMRClRceSW', 'R5JCp0KAox', 'ljTC5Bipwi', 'je9CCCJ2Wu', 'l6ZoEDvSQFxVKLWH64a'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, QxAaJdyfkcOUsLDeE2.csHigh entropy of concatenated method names: 'PKOYFLgmSh', 'FiMYOa5pSX', 'LY4Yma1R1m', 'NubYgc6FQ1', 'UUqYeCEnCw', 'jfMY7BLGkq', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, al6DtAccKrL4Xnsi1t5.csHigh entropy of concatenated method names: 'ToString', 'PGmHC12sIp', 'RWNHi0Q4ir', 'rwAHZWlHlM', 'FMZHMw6qE7', 'VdjHnAamOD', 'bDkHyg8n2x', 'JI7H2QFn5p', 'lavvOHM1JQKD5EqFaFx', 'wVUVafMDsLAnLJuOCnG'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, b4uOTsniPy7tMYIvRh.csHigh entropy of concatenated method names: 'rQCTEDV4V', 'VMr6iPJum', 'TE5UD3LfQ', 'Uj112kOf4', 'EELkS6mHo', 'geBQmKGwT', 'EY8VogdrKpyBPkc882', 'yVPorZyoguIhDIBPBL', 'pVyYMhrRf', 'IV3HvtbNv'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, Yb2S65W4SnJy6QSjeK.csHigh entropy of concatenated method names: 'DwLhKLfe07', 'EJXhr5H0YV', 'yToYlCojkB', 'Y9bYplcvr1', 'G69hJX3mjk', 'XG3ht0wW82', 'CDJhRq5jGw', 'Xephe8x2WA', 'A6WhVA67oX', 'rkLhxUoNDR'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, FbuB85sRXgHQukwMDs.csHigh entropy of concatenated method names: 'Pu7CZuhybF', 'ptPCMBE3c5', 'Sn1CnpfHcy', 'bZICyuvZgW', 'wslC2RmrrC', 'phoCIOaAmD', 'RMKCLglRjC', 'r3hCc9bcqf', 'BI5CGCkbEU', 'YudCv1vP49'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, YlZ82i7i9TZ0SdYkcJ.csHigh entropy of concatenated method names: 'Dispose', 'XQ5pd6c35Z', 'G3R5OROSor', 'xmjssuJwoV', 'iSipr9qpfv', 'HeFpzpWx0e', 'ProcessDialogKey', 's9t5lCpxPc', 'E785p5F4GK', 'T0q55iLMtp'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, hwWW4hCnmpMqoYbmje.csHigh entropy of concatenated method names: 'z9pYMZULlx', 'GFeYnXwfCD', 'Md8YyRCE6Z', 'seSY2VKEbT', 'Eh2YI5MFYG', 'xUUYLAqXcu', 'hvAYcNxUnY', 'GxQYGAefmh', 'ei2YvWm535', 'C2fYwScOo5'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, Fhn3qXhQZ2H48RDDPl.csHigh entropy of concatenated method names: 'VAILMC6uWX', 'J9MLyqg2Hh', 'I7BLIEb6Jo', 'BsxIrct7Eg', 'oMqIzcUbwV', 'Iy6Lljtul3', 'hqDLpY4gWQ', 'tu6L55EE72', 'pYBLCSX5e5', 'MSmLiI4tV2'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, SijOYSc51G5UnH6HmiJ.csHigh entropy of concatenated method names: 'tCufEVSMbR', 's3vfbQTajS', 'rNafTvEZgM', 'VaTf6EBkDr', 'DJEfW8pfsF', 'SHqfU0v1uE', 'ESgf1BThVT', 'yUyf8uf1IJ', 'ACsfkhmvD2', 'tdrfQSN3eA'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, zgmIucz84CQcRCApdO.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zbxfauTMc2', 'JSffBwA6Bm', 'lRmfDVGfHs', 'n1ffhmUg41', 'kAjfYbcf26', 'Q95ffPxqju', 'lSMfHKVasR'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, RJD2yDAA3mME3n9aB8.csHigh entropy of concatenated method names: 'tvyneLMUuW', 'ge7nVaXliv', 'IqhnxI3Cpg', 'EtHn0smVVn', 'XWEn3dTATB', 'KJQnAlBQcb', 'naenNGwcYj', 'PbCnKTbH3k', 'OtxnddDYZr', 'fJwnrvQZgf'
                    Source: 1.2.e-dekont_html.scr.exe.49fc188.15.raw.unpack, slVDVLBqMXcMQu6e1t.csHigh entropy of concatenated method names: 'ToString', 'ElkDJug5Ly', 'AHYDOLNbcW', 'YOyDmcv6wE', 'S1TDggRF6w', 'nNYD7Jyq5a', 'zFADXInaRi', 'jhgDqyKe3o', 'kHiDjTkeoB', 'EykDPumPPW'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, BnQrcqiscApvrapbDw.csHigh entropy of concatenated method names: 'YUyBoo8tKW', 'vepBt43Ssn', 'ePiBeT8Yxb', 'KACBVgbJtX', 'PZhBOvrAWj', 'RksBmB0uZp', 'y5NBgNIowE', 'oUlB74mZ4E', 'PwJBXQsUnj', 'QrEBqaju1M'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, Eb7IhLjibfvCytpKqj.csHigh entropy of concatenated method names: 'JMKa81L83W', 'Dbvak9hc7a', 'WgqaFBvBgC', 'FMnaOakhg7', 'sHjagcQQoq', 'UKZa7b3Uiu', 'PdpaqfBQV1', 'mpcaj0uLs9', 'gWvaowBRfK', 'MbAaJE9X9h'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, DCHyiIOxDrHR7VSveM.csHigh entropy of concatenated method names: 'BNDLESXONU', 'PceLbxp4Pf', 'UORLTKoBJf', 'g3BL6qfEqa', 'kScLW476HM', 'DOKLUO9MAW', 'BypL1iEsXX', 'XKGL8Is1Ky', 'hPPLk77lIm', 'ChqLQS7syS'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, xBY3PDf6vJKGLwNm7f.csHigh entropy of concatenated method names: 't3ofpAuFfT', 'YxsfCNdPVh', 'OKufiLHcdm', 'LGWfMNN43r', 'uyQfnggVuP', 'mgPf2jNr6V', 'mQdfIWVWHm', 'ukAYNZmJgs', 'Wa7YK4bFVT', 'x3dYdE0ABI'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, PAX83uVRoxbuu33iX2.csHigh entropy of concatenated method names: 'H2my6UinGS', 'yTJyU9yh1q', 'vNIy86SV27', 'LKRykfSWsM', 'MhCyBYADqi', 'vjsyDD36U5', 'NBOyhk6G33', 'SFEyYyusCX', 'WqlyfG7Sc6', 'Rk6yH3UXZK'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, MX5baKcQduoLnQSywj2.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vClHenUyGC', 'KdLHVVtiwo', 'K8aHxRkgAo', 'TaHH0a4OQL', 'dXyH32Cbv9', 'kwRHAFYBYM', 'pkcHNsDGGr'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, In7BZMgDRbJ4pDwyHe.csHigh entropy of concatenated method names: 'z642WPaFfk', 'wC721spJRE', 'uwcymcn0uO', 'jILygxnXRc', 'Vb5y7mTJNr', 'FOiyXTTL4y', 'Bojyqd7vUK', 'bs4yjdqAV3', 'JG7yPwFuCi', 'EIpyov6NJG'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, hUKFKiDa9vnGoj4IHO.csHigh entropy of concatenated method names: 'L7WpL2Sjkg', 'Vt6pcxLSTR', 'A7npv5wXu2', 'PQTpwXKO5S', 'H9SpBPEwln', 'qQApDwANAD', 'nTVUA4XV7vdQ4JYNam', 'F7lhIDklslo9w4ydvN', 'MRCpp3AII7', 'SGjpCx8mDc'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, lAKyrUYDFF0BNXKK8u.csHigh entropy of concatenated method names: 'fHsIZwds5C', 'hoiIncXLYy', 'XmLI2NTyNA', 'Uj0IL7xqsk', 'jskIcWymSE', 'xF123WpVM3', 'UIP2ALJFkm', 'W0f2N40aIC', 'f3u2KJb0y8', 'vR22dtxQFC'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, rO5HpeSsG7mJALEoTd.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'ntg5d1hw9Y', 'fIT5rdnW5m', 'bBs5zhoMqE', 'VMRClRceSW', 'R5JCp0KAox', 'ljTC5Bipwi', 'je9CCCJ2Wu', 'l6ZoEDvSQFxVKLWH64a'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, QxAaJdyfkcOUsLDeE2.csHigh entropy of concatenated method names: 'PKOYFLgmSh', 'FiMYOa5pSX', 'LY4Yma1R1m', 'NubYgc6FQ1', 'UUqYeCEnCw', 'jfMY7BLGkq', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, al6DtAccKrL4Xnsi1t5.csHigh entropy of concatenated method names: 'ToString', 'PGmHC12sIp', 'RWNHi0Q4ir', 'rwAHZWlHlM', 'FMZHMw6qE7', 'VdjHnAamOD', 'bDkHyg8n2x', 'JI7H2QFn5p', 'lavvOHM1JQKD5EqFaFx', 'wVUVafMDsLAnLJuOCnG'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, b4uOTsniPy7tMYIvRh.csHigh entropy of concatenated method names: 'rQCTEDV4V', 'VMr6iPJum', 'TE5UD3LfQ', 'Uj112kOf4', 'EELkS6mHo', 'geBQmKGwT', 'EY8VogdrKpyBPkc882', 'yVPorZyoguIhDIBPBL', 'pVyYMhrRf', 'IV3HvtbNv'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, Yb2S65W4SnJy6QSjeK.csHigh entropy of concatenated method names: 'DwLhKLfe07', 'EJXhr5H0YV', 'yToYlCojkB', 'Y9bYplcvr1', 'G69hJX3mjk', 'XG3ht0wW82', 'CDJhRq5jGw', 'Xephe8x2WA', 'A6WhVA67oX', 'rkLhxUoNDR'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, FbuB85sRXgHQukwMDs.csHigh entropy of concatenated method names: 'Pu7CZuhybF', 'ptPCMBE3c5', 'Sn1CnpfHcy', 'bZICyuvZgW', 'wslC2RmrrC', 'phoCIOaAmD', 'RMKCLglRjC', 'r3hCc9bcqf', 'BI5CGCkbEU', 'YudCv1vP49'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, YlZ82i7i9TZ0SdYkcJ.csHigh entropy of concatenated method names: 'Dispose', 'XQ5pd6c35Z', 'G3R5OROSor', 'xmjssuJwoV', 'iSipr9qpfv', 'HeFpzpWx0e', 'ProcessDialogKey', 's9t5lCpxPc', 'E785p5F4GK', 'T0q55iLMtp'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, hwWW4hCnmpMqoYbmje.csHigh entropy of concatenated method names: 'z9pYMZULlx', 'GFeYnXwfCD', 'Md8YyRCE6Z', 'seSY2VKEbT', 'Eh2YI5MFYG', 'xUUYLAqXcu', 'hvAYcNxUnY', 'GxQYGAefmh', 'ei2YvWm535', 'C2fYwScOo5'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, Fhn3qXhQZ2H48RDDPl.csHigh entropy of concatenated method names: 'VAILMC6uWX', 'J9MLyqg2Hh', 'I7BLIEb6Jo', 'BsxIrct7Eg', 'oMqIzcUbwV', 'Iy6Lljtul3', 'hqDLpY4gWQ', 'tu6L55EE72', 'pYBLCSX5e5', 'MSmLiI4tV2'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, SijOYSc51G5UnH6HmiJ.csHigh entropy of concatenated method names: 'tCufEVSMbR', 's3vfbQTajS', 'rNafTvEZgM', 'VaTf6EBkDr', 'DJEfW8pfsF', 'SHqfU0v1uE', 'ESgf1BThVT', 'yUyf8uf1IJ', 'ACsfkhmvD2', 'tdrfQSN3eA'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, zgmIucz84CQcRCApdO.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zbxfauTMc2', 'JSffBwA6Bm', 'lRmfDVGfHs', 'n1ffhmUg41', 'kAjfYbcf26', 'Q95ffPxqju', 'lSMfHKVasR'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, RJD2yDAA3mME3n9aB8.csHigh entropy of concatenated method names: 'tvyneLMUuW', 'ge7nVaXliv', 'IqhnxI3Cpg', 'EtHn0smVVn', 'XWEn3dTATB', 'KJQnAlBQcb', 'naenNGwcYj', 'PbCnKTbH3k', 'OtxnddDYZr', 'fJwnrvQZgf'
                    Source: 1.2.e-dekont_html.scr.exe.4a787a8.16.raw.unpack, slVDVLBqMXcMQu6e1t.csHigh entropy of concatenated method names: 'ToString', 'ElkDJug5Ly', 'AHYDOLNbcW', 'YOyDmcv6wE', 'S1TDggRF6w', 'nNYD7Jyq5a', 'zFADXInaRi', 'jhgDqyKe3o', 'kHiDjTkeoB', 'EykDPumPPW'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, BnQrcqiscApvrapbDw.csHigh entropy of concatenated method names: 'YUyBoo8tKW', 'vepBt43Ssn', 'ePiBeT8Yxb', 'KACBVgbJtX', 'PZhBOvrAWj', 'RksBmB0uZp', 'y5NBgNIowE', 'oUlB74mZ4E', 'PwJBXQsUnj', 'QrEBqaju1M'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, Eb7IhLjibfvCytpKqj.csHigh entropy of concatenated method names: 'JMKa81L83W', 'Dbvak9hc7a', 'WgqaFBvBgC', 'FMnaOakhg7', 'sHjagcQQoq', 'UKZa7b3Uiu', 'PdpaqfBQV1', 'mpcaj0uLs9', 'gWvaowBRfK', 'MbAaJE9X9h'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, DCHyiIOxDrHR7VSveM.csHigh entropy of concatenated method names: 'BNDLESXONU', 'PceLbxp4Pf', 'UORLTKoBJf', 'g3BL6qfEqa', 'kScLW476HM', 'DOKLUO9MAW', 'BypL1iEsXX', 'XKGL8Is1Ky', 'hPPLk77lIm', 'ChqLQS7syS'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, xBY3PDf6vJKGLwNm7f.csHigh entropy of concatenated method names: 't3ofpAuFfT', 'YxsfCNdPVh', 'OKufiLHcdm', 'LGWfMNN43r', 'uyQfnggVuP', 'mgPf2jNr6V', 'mQdfIWVWHm', 'ukAYNZmJgs', 'Wa7YK4bFVT', 'x3dYdE0ABI'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, PAX83uVRoxbuu33iX2.csHigh entropy of concatenated method names: 'H2my6UinGS', 'yTJyU9yh1q', 'vNIy86SV27', 'LKRykfSWsM', 'MhCyBYADqi', 'vjsyDD36U5', 'NBOyhk6G33', 'SFEyYyusCX', 'WqlyfG7Sc6', 'Rk6yH3UXZK'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, MX5baKcQduoLnQSywj2.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'vClHenUyGC', 'KdLHVVtiwo', 'K8aHxRkgAo', 'TaHH0a4OQL', 'dXyH32Cbv9', 'kwRHAFYBYM', 'pkcHNsDGGr'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, In7BZMgDRbJ4pDwyHe.csHigh entropy of concatenated method names: 'z642WPaFfk', 'wC721spJRE', 'uwcymcn0uO', 'jILygxnXRc', 'Vb5y7mTJNr', 'FOiyXTTL4y', 'Bojyqd7vUK', 'bs4yjdqAV3', 'JG7yPwFuCi', 'EIpyov6NJG'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, hUKFKiDa9vnGoj4IHO.csHigh entropy of concatenated method names: 'L7WpL2Sjkg', 'Vt6pcxLSTR', 'A7npv5wXu2', 'PQTpwXKO5S', 'H9SpBPEwln', 'qQApDwANAD', 'nTVUA4XV7vdQ4JYNam', 'F7lhIDklslo9w4ydvN', 'MRCpp3AII7', 'SGjpCx8mDc'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, lAKyrUYDFF0BNXKK8u.csHigh entropy of concatenated method names: 'fHsIZwds5C', 'hoiIncXLYy', 'XmLI2NTyNA', 'Uj0IL7xqsk', 'jskIcWymSE', 'xF123WpVM3', 'UIP2ALJFkm', 'W0f2N40aIC', 'f3u2KJb0y8', 'vR22dtxQFC'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, rO5HpeSsG7mJALEoTd.csHigh entropy of concatenated method names: 'EditValue', 'GetEditStyle', 'ntg5d1hw9Y', 'fIT5rdnW5m', 'bBs5zhoMqE', 'VMRClRceSW', 'R5JCp0KAox', 'ljTC5Bipwi', 'je9CCCJ2Wu', 'l6ZoEDvSQFxVKLWH64a'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, QxAaJdyfkcOUsLDeE2.csHigh entropy of concatenated method names: 'PKOYFLgmSh', 'FiMYOa5pSX', 'LY4Yma1R1m', 'NubYgc6FQ1', 'UUqYeCEnCw', 'jfMY7BLGkq', 'Next', 'Next', 'Next', 'NextBytes'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, al6DtAccKrL4Xnsi1t5.csHigh entropy of concatenated method names: 'ToString', 'PGmHC12sIp', 'RWNHi0Q4ir', 'rwAHZWlHlM', 'FMZHMw6qE7', 'VdjHnAamOD', 'bDkHyg8n2x', 'JI7H2QFn5p', 'lavvOHM1JQKD5EqFaFx', 'wVUVafMDsLAnLJuOCnG'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, b4uOTsniPy7tMYIvRh.csHigh entropy of concatenated method names: 'rQCTEDV4V', 'VMr6iPJum', 'TE5UD3LfQ', 'Uj112kOf4', 'EELkS6mHo', 'geBQmKGwT', 'EY8VogdrKpyBPkc882', 'yVPorZyoguIhDIBPBL', 'pVyYMhrRf', 'IV3HvtbNv'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, Yb2S65W4SnJy6QSjeK.csHigh entropy of concatenated method names: 'DwLhKLfe07', 'EJXhr5H0YV', 'yToYlCojkB', 'Y9bYplcvr1', 'G69hJX3mjk', 'XG3ht0wW82', 'CDJhRq5jGw', 'Xephe8x2WA', 'A6WhVA67oX', 'rkLhxUoNDR'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, FbuB85sRXgHQukwMDs.csHigh entropy of concatenated method names: 'Pu7CZuhybF', 'ptPCMBE3c5', 'Sn1CnpfHcy', 'bZICyuvZgW', 'wslC2RmrrC', 'phoCIOaAmD', 'RMKCLglRjC', 'r3hCc9bcqf', 'BI5CGCkbEU', 'YudCv1vP49'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, YlZ82i7i9TZ0SdYkcJ.csHigh entropy of concatenated method names: 'Dispose', 'XQ5pd6c35Z', 'G3R5OROSor', 'xmjssuJwoV', 'iSipr9qpfv', 'HeFpzpWx0e', 'ProcessDialogKey', 's9t5lCpxPc', 'E785p5F4GK', 'T0q55iLMtp'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, hwWW4hCnmpMqoYbmje.csHigh entropy of concatenated method names: 'z9pYMZULlx', 'GFeYnXwfCD', 'Md8YyRCE6Z', 'seSY2VKEbT', 'Eh2YI5MFYG', 'xUUYLAqXcu', 'hvAYcNxUnY', 'GxQYGAefmh', 'ei2YvWm535', 'C2fYwScOo5'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, Fhn3qXhQZ2H48RDDPl.csHigh entropy of concatenated method names: 'VAILMC6uWX', 'J9MLyqg2Hh', 'I7BLIEb6Jo', 'BsxIrct7Eg', 'oMqIzcUbwV', 'Iy6Lljtul3', 'hqDLpY4gWQ', 'tu6L55EE72', 'pYBLCSX5e5', 'MSmLiI4tV2'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, SijOYSc51G5UnH6HmiJ.csHigh entropy of concatenated method names: 'tCufEVSMbR', 's3vfbQTajS', 'rNafTvEZgM', 'VaTf6EBkDr', 'DJEfW8pfsF', 'SHqfU0v1uE', 'ESgf1BThVT', 'yUyf8uf1IJ', 'ACsfkhmvD2', 'tdrfQSN3eA'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, zgmIucz84CQcRCApdO.csHigh entropy of concatenated method names: 'CanConvertFrom', 'ConvertFrom', 'ConvertTo', 'zbxfauTMc2', 'JSffBwA6Bm', 'lRmfDVGfHs', 'n1ffhmUg41', 'kAjfYbcf26', 'Q95ffPxqju', 'lSMfHKVasR'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, RJD2yDAA3mME3n9aB8.csHigh entropy of concatenated method names: 'tvyneLMUuW', 'ge7nVaXliv', 'IqhnxI3Cpg', 'EtHn0smVVn', 'XWEn3dTATB', 'KJQnAlBQcb', 'naenNGwcYj', 'PbCnKTbH3k', 'OtxnddDYZr', 'fJwnrvQZgf'
                    Source: 1.2.e-dekont_html.scr.exe.b590000.22.raw.unpack, slVDVLBqMXcMQu6e1t.csHigh entropy of concatenated method names: 'ToString', 'ElkDJug5Ly', 'AHYDOLNbcW', 'YOyDmcv6wE', 'S1TDggRF6w', 'nNYD7Jyq5a', 'zFADXInaRi', 'jhgDqyKe3o', 'kHiDjTkeoB', 'EykDPumPPW'
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeFile created: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeJump to dropped file

                    Boot Survival

                    barindex
                    Uses schtasks.exe or at.exe to add and modify task schedules
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp"

                    Hooking and other Techniques for Hiding and Protection

                    barindex
                    Loading BitLocker PowerShell Module
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\BitLocker.psd1Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeFile opened: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\en-US\BitLocker.psd1Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess information set: NOOPENFILEERRORBOX

                    Malware Analysis System Evasion

                    barindex
                    Yara detected AntiVM3
                    Source: Yara matchFile source: Process Memory Space: e-dekont_html.scr.exe PID: 7380, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ZRbgEuSJYOgOl.exe PID: 8016, type: MEMORYSTR
                    Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines)
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_NetworkAdapterConfiguration
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: FD0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: 2B00000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: 2940000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: 5C80000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: 5220000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: 6C80000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: 5350000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: 15E0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: 2EF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: 4EF0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory allocated: A40000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory allocated: 27B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory allocated: 26B0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory allocated: 5850000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory allocated: 4E90000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory allocated: 6850000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory allocated: 4FC0000 memory reserve | memory write watchJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory allocated: 2F80000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory allocated: 3130000 memory reserve | memory write watch
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory allocated: 5130000 memory reserve | memory write watch
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 922337203685477
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 7644Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 8012Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeWindow / User API: threadDelayed 3243Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeWindow / User API: threadDelayed 6577Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeWindow / User API: threadDelayed 2752
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeWindow / User API: threadDelayed 7088
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 7428Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7756Thread sleep count: 7644 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7756Thread sleep count: 348 > 30Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7960Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7812Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 8000Thread sleep time: -4611686018427385s >= -30000sJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7924Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep count: 33 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -30437127721620741s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -100000s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8064Thread sleep count: 3243 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -99891s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -99765s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -99635s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -99531s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -99420s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -99273s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -99156s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -99044s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -98937s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -98828s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -98719s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8064Thread sleep count: 6577 > 30Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -98594s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -98485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -98360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -98235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -98110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -97985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -97860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -97735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -97610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -97485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -97360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -97237s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -97110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -96985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -96860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -96735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -96610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -96485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -96360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -96235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -96110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -95985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -95860s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -95735s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -95610s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -95485s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -95360s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -95235s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -95110s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -94985s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -94847s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -94719s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -94594s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -94277s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -94172s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -94057s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -93951s >= -30000sJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exe TID: 8056Thread sleep time: -92362s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 8080Thread sleep time: -922337203685477s >= -30000sJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -26747778906878833s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -100000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 996Thread sleep count: 2752 > 30
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -99890s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 996Thread sleep count: 7088 > 30
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -99781s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -99670s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -99561s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -99453s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -99342s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -99219s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -99086s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -98969s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -98856s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -98735s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -98610s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -98485s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -98360s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -98235s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -98120s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -98000s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -97891s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -97766s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -97656s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -97547s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -97438s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -97313s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -97195s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -97091s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -96976s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -96860s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -96750s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -96641s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -96516s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -96391s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -96281s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -96172s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -96063s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -95938s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -95813s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -95703s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -95594s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -95469s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -95359s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -95250s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -95141s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -95031s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -94915s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -94797s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -94672s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -94563s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -94438s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -94328s >= -30000s
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe TID: 916Thread sleep time: -94219s >= -30000s
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_BaseBoard
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeWMI Queries: IWbemServices::CreateInstanceEnum - root\cimv2 : Win32_Processor
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_Processor
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 100000Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 99891Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 99765Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 99635Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 99531Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 99420Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 99273Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 99156Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 99044Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 98937Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 98828Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 98719Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 98594Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 98485Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 98360Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 98235Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 98110Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 97985Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 97860Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 97735Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 97610Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 97485Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 97360Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 97237Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 97110Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 96985Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 96860Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 96735Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 96610Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 96485Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 96360Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 96235Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 96110Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 95985Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 95860Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 95735Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 95610Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 95485Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 95360Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 95235Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 95110Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 94985Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 94847Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 94719Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 94594Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 94277Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 94172Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 94057Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 93951Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeThread delayed: delay time: 92362Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 922337203685477Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 922337203685477
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 100000
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 99890
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 99781
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 99670
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 99561
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 99453
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 99342
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 99219
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 99086
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 98969
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 98856
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 98735
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 98610
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 98485
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 98360
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 98235
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 98120
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 98000
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 97891
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 97766
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 97656
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 97547
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 97438
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 97313
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 97195
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 97091
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 96976
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 96860
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 96750
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 96641
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 96516
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 96391
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 96281
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 96172
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 96063
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 95938
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 95813
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 95703
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 95594
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 95469
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 95359
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 95250
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 95141
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 95031
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 94915
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 94797
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 94672
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 94563
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 94438
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 94328
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeThread delayed: delay time: 94219
                    Source: ZRbgEuSJYOgOl.exe, 0000000E.00000002.2608999212.000000000132B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: e-dekont_html.scr.exe, 00000009.00000002.2610403456.0000000001442000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess information queried: ProcessInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess token adjusted: DebugJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory allocated: page read and write | page guardJump to behavior

                    HIPS / PFW / Operating System Protection Evasion

                    barindex
                    Adds a directory exclusion to Windows Defender
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe"
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe"
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe"Jump to behavior
                    Injects a PE file into a foreign processes
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeMemory written: C:\Users\user\Desktop\e-dekont_html.scr.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeMemory written: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe base: 400000 value starts with: 4D5AJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe "C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp"Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeProcess created: C:\Users\user\Desktop\e-dekont_html.scr.exe "C:\Users\user\Desktop\e-dekont_html.scr.exe"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess created: C:\Windows\SysWOW64\schtasks.exe "C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpD022.tmp"Jump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeProcess created: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe"Jump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Users\user\Desktop\e-dekont_html.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Users\user\Desktop\e-dekont_html.scr.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior

                    Stealing of Sensitive Information

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.651d4a0.20.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.458b4a8.14.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.651d4a0.20.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.64e2a80.19.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.458b4a8.14.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000009.00000002.2608572120.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.1461386146.00000000064E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000A.00000002.1552727538.000000000458B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2612303414.000000000317E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2612303414.0000000003131000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.2612262125.0000000002F3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.2612262125.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: e-dekont_html.scr.exe PID: 7380, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: e-dekont_html.scr.exe PID: 7916, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ZRbgEuSJYOgOl.exe PID: 8016, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ZRbgEuSJYOgOl.exe PID: 1532, type: MEMORYSTR
                    Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc)
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\SessionsJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeKey opened: HKEY_CURRENT_USER\SOFTWARE\Martin Prikryl\WinSCP 2\Sessions
                    Tries to harvest and steal browser information (history, passwords, etc)
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data
                    Tries to steal Mail credentials (via file / registry access)
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.iniJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\ProfilesJump to behavior
                    Source: C:\Users\user\Desktop\e-dekont_html.scr.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\IdentitiesJump to behavior
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeFile opened: C:\Users\user\AppData\Roaming\Thunderbird\profiles.ini
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeKey opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles
                    Source: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exeKey opened: HKEY_CURRENT_USER\Software\IncrediMail\Identities
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.651d4a0.20.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.458b4a8.14.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.651d4a0.20.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.64e2a80.19.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.458b4a8.14.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000009.00000002.2608572120.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.1461386146.00000000064E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000A.00000002.1552727538.000000000458B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2612303414.0000000003131000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.2612262125.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: e-dekont_html.scr.exe PID: 7380, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: e-dekont_html.scr.exe PID: 7916, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ZRbgEuSJYOgOl.exe PID: 8016, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ZRbgEuSJYOgOl.exe PID: 1532, type: MEMORYSTR

                    Remote Access Functionality

                    barindex
                    Yara detected AgentTesla
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.651d4a0.20.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.458b4a8.14.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.64e2a80.19.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.651d4a0.20.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 1.2.e-dekont_html.scr.exe.64e2a80.19.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.45c5ec8.15.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 10.2.ZRbgEuSJYOgOl.exe.458b4a8.14.raw.unpack, type: UNPACKEDPE
                    Source: Yara matchFile source: 00000009.00000002.2608572120.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000001.00000002.1461386146.00000000064E2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000A.00000002.1552727538.000000000458B000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2612303414.000000000317E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 0000000E.00000002.2612303414.0000000003131000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.2612262125.0000000002F3E000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: 00000009.00000002.2612262125.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                    Source: Yara matchFile source: Process Memory Space: e-dekont_html.scr.exe PID: 7380, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: e-dekont_html.scr.exe PID: 7916, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ZRbgEuSJYOgOl.exe PID: 8016, type: MEMORYSTR
                    Source: Yara matchFile source: Process Memory Space: ZRbgEuSJYOgOl.exe PID: 1532, type: MEMORYSTR

                    Mitre Att&ck Matrix

                    ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                    Gather Victim Identity InformationAcquire InfrastructureValid Accounts121
                    Windows Management Instrumentation                    		1
                    DLL Side-Loading                    		1
                    DLL Side-Loading                    		11
                    Disable or Modify Tools                    		1
                    OS Credential Dumping                    		1
                    File and Directory Discovery                    		Remote Services11
                    Archive Collected Data                    		1
                    Encrypted Channel                    		Exfiltration Over Other Network MediumAbuse Accessibility Features
                    CredentialsDomainsDefault Accounts1
                    Scheduled Task/Job                    		1
                    Scheduled Task/Job                    		111
                    Process Injection                    		1
                    Deobfuscate/Decode Files or Information                    		1
                    Input Capture                    		24
                    System Information Discovery                    		Remote Desktop Protocol1
                    Data from Local System                    		1
                    Non-Standard Port                    		Exfiltration Over BluetoothNetwork Denial of Service
                    Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)1
                    Scheduled Task/Job                    		3
                    Obfuscated Files or Information                    		1
                    Credentials in Registry                    		211
                    Security Software Discovery                    		SMB/Windows Admin Shares1
                    Email Collection                    		1
                    Non-Application Layer Protocol                    		Automated ExfiltrationData Encrypted for Impact
                    Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin Hook32
                    Software Packing                    		NTDS1
                    Process Discovery                    		Distributed Component Object Model1
                    Input Capture                    		11
                    Application Layer Protocol                    		Traffic DuplicationData Destruction
                    Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon ScriptNetwork Logon Script1
                    DLL Side-Loading                    		LSA Secrets141
                    Virtualization/Sandbox Evasion                    		SSHKeyloggingFallback ChannelsScheduled TransferData Encrypted for Impact
                    Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts1
                    Masquerading                    		Cached Domain Credentials1
                    Application Window Discovery                    		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                    DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items141
                    Virtualization/Sandbox Evasion                    		DCSyncRemote System DiscoveryWindows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                    Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job111
                    Process Injection                    		Proc FilesystemSystem Owner/User DiscoveryCloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement

                    Behavior Graph

                    Hide Legend

                    Legend:

                    • Process
                    • Signature
                    • Created File
                    • DNS/IP Info
                    • Is Dropped
                    • Is Windows Process
                    • Number of created Registry Values
                    • Number of created Files
                    • Visual Basic
                    • Delphi
                    • Java
                    • .Net C# or VB.NET
                    • C, C++ or other language
                    • Is malicious
                    • Internet
                    behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1426827 Sample: e-dekont_html.scr.exe Startdate: 16/04/2024 Architecture: WINDOWS Score: 100 42 cp8nl.hyperhost.ua 2->42 46 Found malware configuration 2->46 48 Malicious sample detected (through community Yara rule) 2->48 50 Sigma detected: Scheduled temp file as task from temp location 2->50 52 8 other signatures 2->52 8 e-dekont_html.scr.exe 7 2->8         started        12 ZRbgEuSJYOgOl.exe 5 2->12         started        signatures3 process4 file5 38 C:\Users\user\AppData\...\ZRbgEuSJYOgOl.exe, PE32 8->38 dropped 40 C:\Users\user\AppData\Local\...\tmpA98F.tmp, XML 8->40 dropped 54 Detected unpacking (changes PE section rights) 8->54 56 Detected unpacking (overwrites its own PE header) 8->56 58 Queries sensitive network adapter information (via WMI, Win32_NetworkAdapter, often done to detect virtual machines) 8->58 66 2 other signatures 8->66 14 e-dekont_html.scr.exe 2 8->14         started        18 powershell.exe 23 8->18         started        20 powershell.exe 23 8->20         started        22 schtasks.exe 1 8->22         started        60 Multi AV Scanner detection for dropped file 12->60 62 Machine Learning detection for dropped file 12->62 64 Injects a PE file into a foreign processes 12->64 24 ZRbgEuSJYOgOl.exe 12->24         started        26 schtasks.exe 12->26         started        signatures6 process7 dnsIp8 44 cp8nl.hyperhost.ua 185.174.175.187, 49712, 49714, 587 ITLDC-NLUA Ukraine 14->44 68 Loading BitLocker PowerShell Module 18->68 28 conhost.exe 18->28         started        30 WmiPrvSE.exe 18->30         started        32 conhost.exe 20->32         started        34 conhost.exe 22->34         started        70 Tries to harvest and steal Putty / WinSCP information (sessions, passwords, etc) 24->70 72 Tries to steal Mail credentials (via file / registry access) 24->72 74 Tries to harvest and steal browser information (history, passwords, etc) 24->74 36 conhost.exe 26->36         started        signatures9 process10

                    Screenshots

                    Thumbnails

                    This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                    windows-stand

                    Antivirus, Machine Learning and Genetic Malware Detection

                    Initial Sample

                    SourceDetectionScannerLabelLink
                    e-dekont_html.scr.exe32%ReversingLabsByteCode-MSIL.Trojan.GenSteal
                    e-dekont_html.scr.exe37%VirustotalBrowse
                    e-dekont_html.scr.exe100%Joe Sandbox ML

                    Dropped Files

                    SourceDetectionScannerLabelLink
                    C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe100%Joe Sandbox ML
                    C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe32%ReversingLabsByteCode-MSIL.Trojan.GenSteal
                    C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe37%VirustotalBrowse

                    Unpacked PE Files

                    No Antivirus matches

                    Domains

                    No Antivirus matches

                    URLs

                    SourceDetectionScannerLabelLink
                    http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#0%URL Reputationsafe
                    https://sectigo.com/CPS00%URL Reputationsafe
                    http://ocsp.sectigo.com00%URL Reputationsafe
                    https://www.chiark.greenend.org.uk/~sgtatham/putty/00%URL Reputationsafe

                    Domains and IPs

                    Contacted Domains

                    NameIPActiveMaliciousAntivirus DetectionReputation
                    cp8nl.hyperhost.ua
                    		185.174.175.187
                    		truefalse
                      		high

                      URLs from Memory and Binaries

                      NameSourceMaliciousAntivirus DetectionReputation
                      http://crt.sectigo.com/SectigoRSADomainValidationSecureServerCA.crt0#e-dekont_html.scr.exe, 00000009.00000002.2612262125.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AC2000.00000004.00000020.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2612303414.0000000003186000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2608999212.000000000132B000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      https://sectigo.com/CPS0e-dekont_html.scr.exe, 00000009.00000002.2612262125.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AC2000.00000004.00000020.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2612303414.0000000003186000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2608999212.000000000132B000.00000004.00000020.00020000.00000000.sdmpfalse
                      • URL Reputation: safe
                      		unknown
                      http://ocsp.sectigo.co=e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AEA000.00000004.00000020.00020000.00000000.sdmpfalse
                        		low
                        https://account.dyn.com/e-dekont_html.scr.exe, 00000001.00000002.1461386146.00000000064E2000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.scr.exe, 00000009.00000002.2608572120.0000000000402000.00000040.00000400.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000A.00000002.1552727538.000000000458B000.00000004.00000800.00020000.00000000.sdmpfalse
                          		high
                          http://ocsp.sectigo.com0e-dekont_html.scr.exe, 00000009.00000002.2612262125.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AC2000.00000004.00000020.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2612303414.0000000003186000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2608999212.000000000132B000.00000004.00000020.00020000.00000000.sdmpfalse
                          • URL Reputation: safe
                          		unknown
                          http://schemas.xmlsoap.org/ws/2005/05/identity/claims/namee-dekont_html.scr.exe, 00000001.00000002.1455141178.0000000002C55000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000A.00000002.1550186245.00000000027B1000.00000004.00000800.00020000.00000000.sdmpfalse
                            		high
                            https://www.chiark.greenend.org.uk/~sgtatham/putty/0e-dekont_html.scr.exe, ZRbgEuSJYOgOl.exe.1.drfalse
                            • URL Reputation: safe
                            		unknown
                            http://crt.sectigo.com/7e-dekont_html.scr.exe, 00000009.00000002.2628657547.0000000006AEA000.00000004.00000020.00020000.00000000.sdmpfalse
                              		unknown
                              http://cp8nl.hyperhost.uae-dekont_html.scr.exe, 00000009.00000002.2612262125.0000000002F46000.00000004.00000800.00020000.00000000.sdmp, ZRbgEuSJYOgOl.exe, 0000000E.00000002.2612303414.0000000003186000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high

                                World Map of Contacted IPs

                                • No. of IPs < 25%
                                • 25% < No. of IPs < 50%
                                • 50% < No. of IPs < 75%
                                • 75% < No. of IPs

                                Public IPs

                                IPDomainCountryFlagASNASN NameMalicious
                                185.174.175.187
                                		cp8nl.hyperhost.uaUkraine
                                		21100ITLDC-NLUAfalse

                                General Information

                                Joe Sandbox version:40.0.0 Tourmaline
                                Analysis ID:1426827
                                Start date and time:2024-04-16 17:13:11 +02:00
                                Joe Sandbox product:CloudBasic
                                Overall analysis duration:0h 8m 48s
                                Hypervisor based Inspection enabled:false
                                Report type:full
                                Cookbook file name:default.jbs
                                Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                Number of analysed new started processes analysed:21
                                Number of new started drivers analysed:0
                                Number of existing processes analysed:0
                                Number of existing drivers analysed:0
                                Number of injected processes analysed:0
                                Technologies:
                                • HCA enabled
                                • EGA enabled
                                • AMSI enabled
                                Analysis Mode:default
                                Analysis stop reason:Timeout
                                Sample name:e-dekont_html.scr.exe
                                Detection:MAL
                                Classification:mal100.troj.spyw.evad.winEXE@19/15@1/1
                                EGA Information:
                                • Successful, ratio: 100%
                                HCA Information:
                                • Successful, ratio: 95%
                                • Number of executed functions: 514
                                • Number of non-executed functions: 23
                                Cookbook Comments:
                                • Found application associated with file extension: .exe

                                Warnings

                                • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
                                • Excluded domains from analysis (whitelisted): fs.microsoft.com, ocsp.digicert.com, slscr.update.microsoft.com, fe3cr.delivery.mp.microsoft.com
                                • Not all processes where analyzed, report is missing behavior information
                                • Report size exceeded maximum capacity and may have missing behavior information.
                                • Report size exceeded maximum capacity and may have missing disassembly code.
                                • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                • Report size getting too big, too many NtCreateKey calls found.
                                • Report size getting too big, too many NtOpenKeyEx calls found.
                                • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                • Report size getting too big, too many NtQueryValueKey calls found.

                                Simulations

                                Behavior and APIs

                                TimeTypeDescription
                                17:14:04API Interceptor81x Sleep call for process: e-dekont_html.scr.exe modified
                                17:14:11Task SchedulerRun new task: ZRbgEuSJYOgOl path: C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe
                                17:14:11API Interceptor33x Sleep call for process: powershell.exe modified
                                17:14:14API Interceptor73x Sleep call for process: ZRbgEuSJYOgOl.exe modified

                                Joe Sandbox View / Context

                                IPs

                                MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                185.174.175.187e-dekont_html.scr.exeGet hashmaliciousAgentTeslaBrowse
                                  e-dekont_html.scr.exeGet hashmaliciousAgentTeslaBrowse
                                    SENDOU_-00126_TECH_(MR_for_Power_Equip_Svcs_Rev-P0).exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                      DHL G#U00d6NDER#U0130 B#U0130LD#U0130R#U0130M#U0130 VE BELGELER#U0130_xlsx.exeGet hashmaliciousAgentTeslaBrowse
                                        RFQ-TEC_DOC_II_2-COAL_SulselBarru_Rev.exeGet hashmaliciousAgentTeslaBrowse
                                          RFQ Technical Doc_935750101.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                            e-dekont_html.exeGet hashmaliciousAgentTeslaBrowse
                                              Ziraat Bankas#U0131 Swift Mesaj#U0131l#U180em#U180et#U180eh#U180e..exeGet hashmaliciousAgentTeslaBrowse
                                                Factura Comerciale___DHL_BL#6797986766768978097644685456.exeGet hashmaliciousAgentTeslaBrowse
                                                  TEKL#U0130F TALEP_xlsx.exeGet hashmaliciousAgentTeslaBrowse

                                                    Domains

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    cp8nl.hyperhost.uae-dekont_html.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    e-dekont_html.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    SENDOU_-00126_TECH_(MR_for_Power_Equip_Svcs_Rev-P0).exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                    • 185.174.175.187
                                                    DHL G#U00d6NDER#U0130 B#U0130LD#U0130R#U0130M#U0130 VE BELGELER#U0130_xlsx.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    RFQ-TEC_DOC_II_2-COAL_SulselBarru_Rev.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    RFQ Technical Doc_935750101.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                    • 185.174.175.187
                                                    e-dekont_html.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    Ziraat Bankas#U0131 Swift Mesaj#U0131l#U180em#U180et#U180eh#U180e..exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    Factura Comerciale___DHL_BL#6797986766768978097644685456.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    TEKL#U0130F TALEP_xlsx.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187

                                                    ASNs

                                                    MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                    ITLDC-NLUAe-dekont_html.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    e-dekont_html.scr.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    SENDOU_-00126_TECH_(MR_for_Power_Equip_Svcs_Rev-P0).exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                    • 185.174.175.187
                                                    DHL G#U00d6NDER#U0130 B#U0130LD#U0130R#U0130M#U0130 VE BELGELER#U0130_xlsx.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    RFQ-TEC_DOC_II_2-COAL_SulselBarru_Rev.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    RFQ Technical Doc_935750101.exeGet hashmaliciousAgentTesla, GuLoaderBrowse
                                                    • 185.174.175.187
                                                    https://saidecommunity.org/assets/js/sd4.ps1Get hashmaliciousUnknownBrowse
                                                    • 195.123.218.40
                                                    e-dekont_html.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    Ziraat Bankas#U0131 Swift Mesaj#U0131l#U180em#U180et#U180eh#U180e..exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187
                                                    Factura Comerciale___DHL_BL#6797986766768978097644685456.exeGet hashmaliciousAgentTeslaBrowse
                                                    • 185.174.175.187

                                                    JA3 Fingerprints

                                                    No context

                                                    Dropped Files

                                                    No context

                                                    Created / dropped Files

                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\ZRbgEuSJYOgOl.exe.log

                                                    Download File
                                                    Process:C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1216
                                                    Entropy (8bit):5.34331486778365
                                                    Encrypted:false
                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                    Malicious:false
                                                    Reputation:high, very likely benign file
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                    C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\e-dekont_html.scr.exe.log

                                                    Download File
                                                    Process:C:\Users\user\Desktop\e-dekont_html.scr.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):1216
                                                    Entropy (8bit):5.34331486778365
                                                    Encrypted:false
                                                    SSDEEP:24:MLUE4K5E4KH1qE4qXKDE4KhKiKhPKIE4oKNzKoZAE4Kze0E4x84j:MIHK5HKH1qHiYHKh3oPtHo6hAHKze0HJ
                                                    MD5:1330C80CAAC9A0FB172F202485E9B1E8
                                                    SHA1:86BAFDA4E4AE68C7C3012714A33D85D2B6E1A492
                                                    SHA-256:B6C63ECE799A8F7E497C2A158B1FFC2F5CB4F745A2F8E585F794572B7CF03560
                                                    SHA-512:75A17AB129FE97BBAB36AA2BD66D59F41DB5AFF44A705EF3E4D094EC5FCD056A3ED59992A0AC96C9D0D40E490F8596B07DCA9B60E606B67223867B061D9D0EB2
                                                    Malicious:false
                                                    Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..2,"System.Drawing, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Configuration, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\2192b0d5aa4aa14486ae08118d3b9fcc\System.Configuration.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02

                                                    C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:data
                                                    Category:dropped
                                                    Size (bytes):2232
                                                    Entropy (8bit):5.379552885213346
                                                    Encrypted:false
                                                    SSDEEP:48:fWSU4xympjgs4RIoU99tK8NPZHUl7u1iMuge//MM0Uyus:fLHxvCsIfA2KRHmOugA1s
                                                    MD5:D453258060AFEB6CAD05A86BCB4BA21D
                                                    SHA1:E9E3DC45C2973773AAA422079A5AD945F1C86389
                                                    SHA-256:CB241A1BDD284207E8ADD0BB2EEB08DB4B2FF9B86569D7E32FB84A9C9E97D857
                                                    SHA-512:F9ED104279065F45CE0EEF584A4435C9B6B90F9DD6E1DE89D4EDB4F635E866A039969B3BDF112888312E3AABB91B2D73EF7CA3E8A7CB34A3CE042B6F1B3090AC
                                                    Malicious:false
                                                    Preview:@...e................................................@..........P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..4.....................@.[8]'.\........System.Data.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServicesH................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.8..................1...L..U;V.<}........System.Numerics.<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_1ysamt1j.yvu.ps1

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_ae4fvqsl.nlb.psm1

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_g1g3g3kl.qmi.psm1

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_grfc5lp1.pcc.psm1

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jnoqfrvk.jde.psm1

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_lybng2ex.zfq.ps1

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_noksldm2.3ba.ps1

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_nrxwncbf.wti.ps1

                                                    Download File
                                                    Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    File Type:ASCII text, with no line terminators
                                                    Category:dropped
                                                    Size (bytes):60
                                                    Entropy (8bit):4.038920595031593
                                                    Encrypted:false
                                                    SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                    MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                    SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                    SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                    SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                    Malicious:false
                                                    Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                    C:\Users\user\AppData\Local\Temp\tmpA98F.tmp

                                                    Download File
                                                    Process:C:\Users\user\Desktop\e-dekont_html.scr.exe
                                                    File Type:XML 1.0 document, ASCII text
                                                    Category:dropped
                                                    Size (bytes):1586
                                                    Entropy (8bit):5.118044143954022
                                                    Encrypted:false
                                                    SSDEEP:24:2di4+S2qhtJ12iy1mcrUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtgp+xvn:cgeLAYrFdOFzOzN33ODOiDdKrsuTggv
                                                    MD5:9B3840745900AFC9D66DC601D2FB606D
                                                    SHA1:A06AA020E22BDDABC121B43BD341454538CDDDFB
                                                    SHA-256:604A00D8E002749B19CC0D0269E6F46EF9BDE9E24CE7C87BFD1CAA788E37277E
                                                    SHA-512:3555C6BAC7DCA14E3AD8AFA58B72DEE3491D17674F3A9FCC98C021884560211DF6D979BD353BE24A1562B43DBB91D626FFC10D7C2AD98A005D1D7C486A3D4C72
                                                    Malicious:true
                                                    Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

                                                    C:\Users\user\AppData\Local\Temp\tmpD022.tmp

                                                    Download File
                                                    Process:C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe
                                                    File Type:XML 1.0 document, ASCII text
                                                    Category:dropped
                                                    Size (bytes):1586
                                                    Entropy (8bit):5.118044143954022
                                                    Encrypted:false
                                                    SSDEEP:24:2di4+S2qhtJ12iy1mcrUnrKMhEMOFGpwOzNgU3ODOiIQRvh7hwrgXuNtgp+xvn:cgeLAYrFdOFzOzN33ODOiDdKrsuTggv
                                                    MD5:9B3840745900AFC9D66DC601D2FB606D
                                                    SHA1:A06AA020E22BDDABC121B43BD341454538CDDDFB
                                                    SHA-256:604A00D8E002749B19CC0D0269E6F46EF9BDE9E24CE7C87BFD1CAA788E37277E
                                                    SHA-512:3555C6BAC7DCA14E3AD8AFA58B72DEE3491D17674F3A9FCC98C021884560211DF6D979BD353BE24A1562B43DBB91D626FFC10D7C2AD98A005D1D7C486A3D4C72
                                                    Malicious:false
                                                    Preview:<?xml version="1.0" encoding="UTF-16"?>.<Task version="1.2" xmlns="http://schemas.microsoft.com/windows/2004/02/mit/task">. <RegistrationInfo>. <Date>2014-10-25T14:27:44.8929027</Date>. <Author>user-PC\user</Author>. </RegistrationInfo>. <Triggers>. <LogonTrigger>. <Enabled>true</Enabled>. <UserId>user-PC\user</UserId>. </LogonTrigger>. <RegistrationTrigger>. <Enabled>false</Enabled>. </RegistrationTrigger>. </Triggers>. <Principals>. <Principal id="Author">. <UserId>user-PC\user</UserId>. <LogonType>InteractiveToken</LogonType>. <RunLevel>LeastPrivilege</RunLevel>. </Principal>. </Principals>. <Settings>. <MultipleInstancesPolicy>StopExisting</MultipleInstancesPolicy>. <DisallowStartIfOnBatteries>false</DisallowStartIfOnBatteries>. <StopIfGoingOnBatteries>true</StopIfGoingOnBatteries>. <AllowHardTerminate>false</AllowHardTerminate>. <StartWhenAvailable>true</StartWhenAvailable>. <RunOnlyIfNetwor

                                                    C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe

                                                    Download File
                                                    Process:C:\Users\user\Desktop\e-dekont_html.scr.exe
                                                    File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Category:dropped
                                                    Size (bytes):1053704
                                                    Entropy (8bit):7.604567238083474
                                                    Encrypted:false
                                                    SSDEEP:24576:kp7jSc9duaYoRV9ii5nHMAXJ2LiMOxckwle5O4i:sGc9VTntVXJKiu
                                                    MD5:ABC774F48C2E514BDE4BA275A4314B4A
                                                    SHA1:141D5D859AFB0340302BD4EE2CA2BE9493F39804
                                                    SHA-256:FAD3E7058EB2FA88CE97E62A6A243748D6736F9C4E21E4112ED61A40813588B2
                                                    SHA-512:3D2158AFAB276197313827E33BF25302B623FBF69A48892FCCEB69C50690BF6BF9E7047AB18870030259BDB34D9B3FA7A32552A6964698F354E03AE531978065
                                                    Malicious:true
                                                    Antivirus:
                                                    • Antivirus: Joe Sandbox ML, Detection: 100%
                                                    • Antivirus: ReversingLabs, Detection: 32%
                                                    • Antivirus: Virustotal, Detection: 37%, Browse
                                                    Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....(.f................................. ........@.. .......................@............@.....................................O........................6... ....................................................... ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc....... ......................@..B........................H.......P...\)......C......................................................@ki..#+.Dee.&K.(S.T:..O!./........m...........)!...S\..i..h..{d.qsl...'J.u..A...E..).......F@.."*.7....q&.I..*...........eja.AP.;..E...I...i..A}.R..:<A..L..|O...C..2k.6..s}uq. .uNe]-.*.G........c....a5sQw......dr!2WC.d....9Kh.n.... .a1C.iP.. .M......!.e..>.....b.5...s..c....j/d.......=..........rj..&..K..-+..;..etrp.....:.5|7....Ez.w.......iw9....=...P4.5.....2.X..8Y.v.u\3.....).

                                                    C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe:Zone.Identifier

                                                    Download File
                                                    Process:C:\Users\user\Desktop\e-dekont_html.scr.exe
                                                    File Type:ASCII text, with CRLF line terminators
                                                    Category:dropped
                                                    Size (bytes):26
                                                    Entropy (8bit):3.95006375643621
                                                    Encrypted:false
                                                    SSDEEP:3:ggPYV:rPYV
                                                    MD5:187F488E27DB4AF347237FE461A079AD
                                                    SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                    SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                    SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                    Malicious:false
                                                    Preview:[ZoneTransfer]....ZoneId=0

                                                    Static File Info

                                                    General

                                                    File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                    Entropy (8bit):7.604567238083474
                                                    TrID:
                                                    • Win32 Executable (generic) Net Framework (10011505/4) 50.01%
                                                    • Win32 Executable (generic) a (10002005/4) 49.97%
                                                    • Generic Win/DOS Executable (2004/3) 0.01%
                                                    • DOS Executable Generic (2002/1) 0.01%
                                                    • Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
                                                    File name:e-dekont_html.scr.exe
                                                    File size:1'053'704 bytes
                                                    MD5:abc774f48c2e514bde4ba275a4314b4a
                                                    SHA1:141d5d859afb0340302bd4ee2ca2be9493f39804
                                                    SHA256:fad3e7058eb2fa88ce97e62a6a243748d6736f9c4e21e4112ed61a40813588b2
                                                    SHA512:3d2158afab276197313827e33bf25302b623fbf69a48892fcceb69c50690bf6bf9e7047ab18870030259bdb34d9b3fa7a32552a6964698f354e03ae531978065
                                                    SSDEEP:24576:kp7jSc9duaYoRV9ii5nHMAXJ2LiMOxckwle5O4i:sGc9VTntVXJKiu
                                                    TLSH:ED259D9D3610BADEC96BCE72C9981C20EA206477531BE307A11315EC9A0DB9BEF151F7
                                                    File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....(.f................................. ........@.. .......................@............@................................

                                                    File Icon

                                                    Icon Hash:00928e8e8686b000

                                                    Static PE Info

                                                    General

                                                    Entrypoint:0x4ff1fe
                                                    Entrypoint Section:.text
                                                    Digitally signed:true
                                                    Imagebase:0x400000
                                                    Subsystem:windows gui
                                                    Image File Characteristics:EXECUTABLE_IMAGE, 32BIT_MACHINE
                                                    DLL Characteristics:DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                    Time Stamp:0x661E28AF [Tue Apr 16 07:28:47 2024 UTC]
                                                    TLS Callbacks:
                                                    CLR (.Net) Version:
                                                    OS Version Major:4
                                                    OS Version Minor:0
                                                    File Version Major:4
                                                    File Version Minor:0
                                                    Subsystem Version Major:4
                                                    Subsystem Version Minor:0
                                                    Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                    Authenticode Signature

                                                    Signature Valid:false
                                                    Signature Issuer:CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB
                                                    Signature Validation Error:The digital signature of the object did not verify
                                                    Error Number:-2146869232
                                                    Not Before, Not After
                                                    • 13/11/2018 01:00:00 09/11/2021 00:59:59
                                                    Subject Chain
                                                    • CN=Simon Tatham, O=Simon Tatham, L=Cambridge, S=Cambridgeshire, C=GB
                                                    Version:3
                                                    Thumbprint MD5:DABD77E44EF6B3BB91740FA46696B779
                                                    Thumbprint SHA-1:5B9E273CF11941FD8C6BE3F038C4797BBE884268
                                                    Thumbprint SHA-256:4CD3325617EBB63319BA6E8F2A74B0B8CCA58920B48D8026EBCA2C756630D570
                                                    Serial:7C1118CBBADC95DA3752C46E47A27438

                                                    Entrypoint Preview

                                                    Instruction
                                                    jmp dword ptr [00402000h]
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al
                                                    add byte ptr [eax], al

                                                    Data Directories

                                                    NameVirtual AddressVirtual Size Is in Section
                                                    IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IMPORT0xff1ac0x4f.text
                                                    IMAGE_DIRECTORY_ENTRY_RESOURCE0x1000000x5a8.rsrc
                                                    IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_SECURITY0xfde000x3608
                                                    IMAGE_DIRECTORY_ENTRY_BASERELOC0x1020000xc.reloc
                                                    IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                    IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                    IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                    IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                    Sections

                                                    NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                    .text0x20000xfd2040xfd400b7759f841ce2d43213e88e397bfe6f07False0.81046493244077data7.604412881501509IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                    .rsrc0x1000000x5a80x6003d48cb9aa00abc723360cfe8a5467441False0.4205729166666667data4.0825435959223375IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                    .reloc0x1020000xc0x200ed49c2ed6b3d773f7001e2cca5c526b4False0.041015625data0.08153941234324169IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                    Resources

                                                    NameRVASizeTypeLanguageCountryZLIB Complexity
                                                    RT_VERSION0x1000a00x31cdata0.435929648241206
                                                    RT_MANIFEST0x1003bc0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                    Imports

                                                    DLLImport
                                                    mscoree.dll_CorExeMain

                                                    Network Behavior

                                                    Network Port Distribution

                                                    TCP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Apr 16, 2024 17:14:13.679843903 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:13.888597012 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:13.888670921 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:19.135324001 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:19.192133904 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:19.204601049 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:19.413455009 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:19.413747072 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:19.623306036 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:19.676316977 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:21.123950005 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:21.351038933 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:21.351090908 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:21.351129055 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:21.351165056 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:21.351210117 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:21.351210117 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:21.353718996 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:21.369106054 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:21.578536034 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:21.594335079 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:21.804311991 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:21.810556889 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:22.020209074 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:22.024430990 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:22.273937941 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:22.392160892 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:22.602734089 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:22.602818966 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:22.831890106 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:22.842056990 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:23.053550959 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:23.056615114 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:23.268546104 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:23.274661064 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:23.497569084 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:23.497601032 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:23.497620106 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:23.497638941 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:23.497658014 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:23.497690916 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:23.499638081 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:23.501344919 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:23.712383032 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:23.729058027 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:23.940154076 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:23.940529108 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:24.192013025 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:24.714188099 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:24.714529991 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:24.923639059 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:24.923924923 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:24.926001072 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:24.926307917 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:24.934689999 CEST49712587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:25.143521070 CEST58749712185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:28.154449940 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:28.154834032 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:28.366527081 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:30.375601053 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:30.375868082 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:30.586663008 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:30.586682081 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:30.588138103 CEST58749714185.174.175.187192.168.2.8
                                                    Apr 16, 2024 17:14:30.588212013 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:30.591432095 CEST49714587192.168.2.8185.174.175.187
                                                    Apr 16, 2024 17:14:30.802140951 CEST58749714185.174.175.187192.168.2.8

                                                    UDP Packets

                                                    TimestampSource PortDest PortSource IPDest IP
                                                    Apr 16, 2024 17:14:13.508874893 CEST6256253192.168.2.81.1.1.1
                                                    Apr 16, 2024 17:14:13.673767090 CEST53625621.1.1.1192.168.2.8

                                                    DNS Queries

                                                    TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                    Apr 16, 2024 17:14:13.508874893 CEST192.168.2.81.1.1.10x8c66Standard query (0)cp8nl.hyperhost.uaA (IP address)IN (0x0001)false

                                                    DNS Answers

                                                    TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                    Apr 16, 2024 17:14:13.673767090 CEST1.1.1.1192.168.2.80x8c66No error (0)cp8nl.hyperhost.ua185.174.175.187A (IP address)IN (0x0001)false

                                                    SMTP Packets

                                                    TimestampSource PortDest PortSource IPDest IPCommands
                                                    Apr 16, 2024 17:14:19.135324001 CEST58749712185.174.175.187192.168.2.8220-cp8nl.hyperhost.ua ESMTP Exim 4.96.2 #2 Tue, 16 Apr 2024 18:14:19 +0300
                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                    220 and/or bulk e-mail.
                                                    Apr 16, 2024 17:14:19.204601049 CEST49712587192.168.2.8185.174.175.187EHLO 562258
                                                    Apr 16, 2024 17:14:19.413455009 CEST58749712185.174.175.187192.168.2.8250-cp8nl.hyperhost.ua Hello 562258 [81.181.57.52]
                                                    250-SIZE 52428800
                                                    250-8BITMIME
                                                    250-PIPELINING
                                                    250-PIPECONNECT
                                                    250-STARTTLS
                                                    250 HELP
                                                    Apr 16, 2024 17:14:19.413747072 CEST49712587192.168.2.8185.174.175.187STARTTLS
                                                    Apr 16, 2024 17:14:19.623306036 CEST58749712185.174.175.187192.168.2.8220 TLS go ahead
                                                    Apr 16, 2024 17:14:22.831890106 CEST58749714185.174.175.187192.168.2.8220-cp8nl.hyperhost.ua ESMTP Exim 4.96.2 #2 Tue, 16 Apr 2024 18:14:22 +0300
                                                    220-We do not authorize the use of this system to transport unsolicited,
                                                    220 and/or bulk e-mail.
                                                    Apr 16, 2024 17:14:22.842056990 CEST49714587192.168.2.8185.174.175.187EHLO 562258
                                                    Apr 16, 2024 17:14:23.053550959 CEST58749714185.174.175.187192.168.2.8250-cp8nl.hyperhost.ua Hello 562258 [81.181.57.52]
                                                    250-SIZE 52428800
                                                    250-8BITMIME
                                                    250-PIPELINING
                                                    250-PIPECONNECT
                                                    250-STARTTLS
                                                    250 HELP
                                                    Apr 16, 2024 17:14:23.056615114 CEST49714587192.168.2.8185.174.175.187STARTTLS
                                                    Apr 16, 2024 17:14:23.268546104 CEST58749714185.174.175.187192.168.2.8220 TLS go ahead

                                                    Statistics

                                                    CPU Usage

                                                    Click to jump to process

                                                    Memory Usage

                                                    Click to jump to process

                                                    High Level Behavior Distribution

                                                    Click to dive into process behavior distribution

                                                    Behavior

                                                    Click to jump to process

                                                    System Behavior

                                                    General

                                                    Target ID:1
                                                    Start time:17:14:03
                                                    Start date:16/04/2024
                                                    Path:C:\Users\user\Desktop\e-dekont_html.scr.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\e-dekont_html.scr.exe"
                                                    Imagebase:0x6b0000
                                                    File size:1'053'704 bytes
                                                    MD5 hash:ABC774F48C2E514BDE4BA275A4314B4A
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000001.00000002.1461386146.00000000064E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000001.00000002.1461386146.00000000064E2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:3
                                                    Start time:17:14:10
                                                    Start date:16/04/2024
                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\Desktop\e-dekont_html.scr.exe"
                                                    Imagebase:0xc90000
                                                    File size:433'152 bytes
                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:4
                                                    Start time:17:14:10
                                                    Start date:16/04/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff6ee680000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:5
                                                    Start time:17:14:10
                                                    Start date:16/04/2024
                                                    Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe" Add-MpPreference -ExclusionPath "C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe"
                                                    Imagebase:0xc90000
                                                    File size:433'152 bytes
                                                    MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:6
                                                    Start time:17:14:10
                                                    Start date:16/04/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff6ee680000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:7
                                                    Start time:17:14:10
                                                    Start date:16/04/2024
                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpA98F.tmp"
                                                    Imagebase:0xd70000
                                                    File size:187'904 bytes
                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:8
                                                    Start time:17:14:10
                                                    Start date:16/04/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff6ee680000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:9
                                                    Start time:17:14:11
                                                    Start date:16/04/2024
                                                    Path:C:\Users\user\Desktop\e-dekont_html.scr.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\Desktop\e-dekont_html.scr.exe"
                                                    Imagebase:0xcb0000
                                                    File size:1'053'704 bytes
                                                    MD5 hash:ABC774F48C2E514BDE4BA275A4314B4A
                                                    Has elevated privileges:true
                                                    Has administrator privileges:true
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2608572120.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2608572120.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2612262125.0000000002F3E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.2612262125.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 00000009.00000002.2612262125.0000000002EF1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:false

                                                    General

                                                    Target ID:10
                                                    Start time:17:14:11
                                                    Start date:16/04/2024
                                                    Path:C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe
                                                    Imagebase:0x310000
                                                    File size:1'053'704 bytes
                                                    MD5 hash:ABC774F48C2E514BDE4BA275A4314B4A
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000A.00000002.1552727538.000000000458B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000A.00000002.1552727538.000000000458B000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Antivirus matches:
                                                    • Detection: 100%, Joe Sandbox ML
                                                    • Detection: 32%, ReversingLabs
                                                    • Detection: 37%, Virustotal, Browse
                                                    Reputation:low
                                                    Has exited:true

                                                    General

                                                    Target ID:11
                                                    Start time:17:14:12
                                                    Start date:16/04/2024
                                                    Path:C:\Windows\System32\wbem\WmiPrvSE.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\wbem\wmiprvse.exe -secured -Embedding
                                                    Imagebase:0x7ff605670000
                                                    File size:496'640 bytes
                                                    MD5 hash:60FF40CFD7FB8FE41EE4FE9AE5FE1C51
                                                    Has elevated privileges:true
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:false

                                                    General

                                                    Target ID:12
                                                    Start time:17:14:20
                                                    Start date:16/04/2024
                                                    Path:C:\Windows\SysWOW64\schtasks.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Windows\System32\schtasks.exe" /Create /TN "Updates\ZRbgEuSJYOgOl" /XML "C:\Users\user\AppData\Local\Temp\tmpD022.tmp"
                                                    Imagebase:0xd70000
                                                    File size:187'904 bytes
                                                    MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:13
                                                    Start time:17:14:20
                                                    Start date:16/04/2024
                                                    Path:C:\Windows\System32\conhost.exe
                                                    Wow64 process (32bit):false
                                                    Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                    Imagebase:0x7ff6ee680000
                                                    File size:862'208 bytes
                                                    MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Reputation:high
                                                    Has exited:true

                                                    General

                                                    Target ID:14
                                                    Start time:17:14:20
                                                    Start date:16/04/2024
                                                    Path:C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe
                                                    Wow64 process (32bit):true
                                                    Commandline:"C:\Users\user\AppData\Roaming\ZRbgEuSJYOgOl.exe"
                                                    Imagebase:0xd60000
                                                    File size:1'053'704 bytes
                                                    MD5 hash:ABC774F48C2E514BDE4BA275A4314B4A
                                                    Has elevated privileges:false
                                                    Has administrator privileges:false
                                                    Programmed in:C, C++ or other language
                                                    Yara matches:
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.2612303414.000000000317E000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 0000000E.00000002.2612303414.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    • Rule: JoeSecurity_AgentTesla_1, Description: Yara detected AgentTesla, Source: 0000000E.00000002.2612303414.0000000003131000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                    Reputation:low
                                                    Has exited:false

                                                    Disassembly

                                                    Reset < >

                                                      Execution Graph

                                                      Execution Coverage:15.8%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:19.9%
                                                      Total number of Nodes:151
                                                      Total number of Limit Nodes:9
                                                      execution_graph 59210 fda368 59212 fda38f 59210->59212 59211 fda46c 59212->59211 59214 fd9f94 59212->59214 59215 fdb3f8 CreateActCtxA 59214->59215 59217 fdb4bb 59215->59217 59218 fd9028 59219 fd9070 VirtualProtect 59218->59219 59220 fd90aa 59219->59220 59203 29cea10 59204 29ceb9b 59203->59204 59206 29cea36 59203->59206 59206->59204 59207 29c7ed4 59206->59207 59208 29cec90 PostMessageW 59207->59208 59209 29cecfc 59208->59209 59209->59206 59221 29ca243 59222 29ca2c0 59221->59222 59223 29ca2b7 59222->59223 59226 29cd888 59222->59226 59231 29cd879 59222->59231 59227 29cd8a2 59226->59227 59236 29cdb79 59227->59236 59253 29cdbc1 59227->59253 59228 29cd8c6 59228->59223 59232 29cd8a2 59231->59232 59234 29cdb79 12 API calls 59232->59234 59235 29cdbc1 12 API calls 59232->59235 59233 29cd8c6 59233->59223 59234->59233 59235->59233 59237 29cdb87 59236->59237 59238 29cdbaf 59237->59238 59271 29ce158 59237->59271 59279 29ce085 59237->59279 59284 29ce104 59237->59284 59289 29cdda8 59237->59289 59297 29ce54e 59237->59297 59302 29cddf0 59237->59302 59310 29cde77 59237->59310 59314 29ce1b7 59237->59314 59319 29cdcf7 59237->59319 59323 29ce096 59237->59323 59328 29ce476 59237->59328 59334 29ce3b5 59237->59334 59339 29cdc94 59237->59339 59344 29ce27b 59237->59344 59238->59228 59254 29cdbc6 59253->59254 59255 29cdb87 59253->59255 59254->59228 59256 29cdbaf 59255->59256 59257 29ce158 4 API calls 59255->59257 59258 29ce27b 2 API calls 59255->59258 59259 29cdc94 2 API calls 59255->59259 59260 29ce3b5 2 API calls 59255->59260 59261 29ce476 2 API calls 59255->59261 59262 29ce096 2 API calls 59255->59262 59263 29cdcf7 2 API calls 59255->59263 59264 29ce1b7 2 API calls 59255->59264 59265 29cde77 2 API calls 59255->59265 59266 29cddf0 2 API calls 59255->59266 59267 29ce54e 2 API calls 59255->59267 59268 29cdda8 2 API calls 59255->59268 59269 29ce104 2 API calls 59255->59269 59270 29ce085 2 API calls 59255->59270 59256->59228 59257->59256 59258->59256 59259->59256 59260->59256 59261->59256 59262->59256 59263->59256 59264->59256 59265->59256 59266->59256 59267->59256 59268->59256 59269->59256 59270->59256 59272 29cdf32 59271->59272 59273 29cdd67 59271->59273 59351 29c9388 59272->59351 59355 29c9390 59272->59355 59274 29cdd79 59273->59274 59359 29c95d8 59273->59359 59363 29c95d0 59273->59363 59274->59238 59280 29ce5f1 59279->59280 59367 29c9439 59280->59367 59371 29c9440 59280->59371 59281 29ce60c 59285 29ce10a 59284->59285 59287 29c95d8 WriteProcessMemory 59285->59287 59288 29c95d0 WriteProcessMemory 59285->59288 59286 29cdf98 59286->59238 59287->59286 59288->59286 59290 29cddc9 59289->59290 59293 29c9518 VirtualAllocEx 59290->59293 59294 29c9511 VirtualAllocEx 59290->59294 59291 29ce51c 59292 29ce555 59291->59292 59375 29c9511 59291->59375 59379 29c9518 59291->59379 59293->59291 59294->59291 59298 29ce51c 59297->59298 59299 29ce555 59297->59299 59298->59297 59300 29c9518 VirtualAllocEx 59298->59300 59301 29c9511 VirtualAllocEx 59298->59301 59300->59298 59301->59298 59303 29cddc9 59302->59303 59303->59238 59306 29c9518 VirtualAllocEx 59303->59306 59307 29c9511 VirtualAllocEx 59303->59307 59304 29ce51c 59305 29ce555 59304->59305 59308 29c9518 VirtualAllocEx 59304->59308 59309 29c9511 VirtualAllocEx 59304->59309 59306->59304 59307->59304 59308->59304 59309->59304 59312 29c9439 Wow64SetThreadContext 59310->59312 59313 29c9440 Wow64SetThreadContext 59310->59313 59311 29cde91 59311->59238 59312->59311 59313->59311 59316 29cdd67 59314->59316 59315 29cdd79 59315->59238 59316->59315 59317 29c95d8 WriteProcessMemory 59316->59317 59318 29c95d0 WriteProcessMemory 59316->59318 59317->59316 59318->59316 59320 29cdd3c 59319->59320 59383 29c9c8d 59319->59383 59387 29c9c98 59319->59387 59320->59238 59324 29ce3bc 59323->59324 59325 29ce3de 59324->59325 59391 29c96c8 59324->59391 59395 29c96c1 59324->59395 59329 29ce11b 59328->59329 59330 29ce495 59328->59330 59332 29c95d8 WriteProcessMemory 59329->59332 59333 29c95d0 WriteProcessMemory 59329->59333 59331 29cdf98 59331->59238 59332->59331 59333->59331 59335 29ce3bb 59334->59335 59337 29c96c8 ReadProcessMemory 59335->59337 59338 29c96c1 ReadProcessMemory 59335->59338 59336 29ce3de 59337->59336 59338->59336 59340 29cdc9e 59339->59340 59342 29c9c8d CreateProcessA 59340->59342 59343 29c9c98 CreateProcessA 59340->59343 59341 29cdd3c 59341->59238 59342->59341 59343->59341 59349 29c95d8 WriteProcessMemory 59344->59349 59350 29c95d0 WriteProcessMemory 59344->59350 59345 29cdd79 59345->59238 59346 29cdd67 59346->59345 59347 29c95d8 WriteProcessMemory 59346->59347 59348 29c95d0 WriteProcessMemory 59346->59348 59347->59346 59348->59346 59349->59346 59350->59346 59352 29c93d0 ResumeThread 59351->59352 59354 29c9401 59352->59354 59354->59273 59356 29c93d0 ResumeThread 59355->59356 59358 29c9401 59356->59358 59358->59273 59360 29c9620 WriteProcessMemory 59359->59360 59362 29c9677 59360->59362 59362->59273 59364 29c9620 WriteProcessMemory 59363->59364 59366 29c9677 59364->59366 59366->59273 59368 29c9485 Wow64SetThreadContext 59367->59368 59370 29c94cd 59368->59370 59370->59281 59372 29c9485 Wow64SetThreadContext 59371->59372 59374 29c94cd 59372->59374 59374->59281 59376 29c9558 VirtualAllocEx 59375->59376 59378 29c9595 59376->59378 59378->59291 59380 29c9558 VirtualAllocEx 59379->59380 59382 29c9595 59380->59382 59382->59291 59384 29c9c99 CreateProcessA 59383->59384 59386 29c9ee3 59384->59386 59388 29c9d21 CreateProcessA 59387->59388 59390 29c9ee3 59388->59390 59392 29c9713 ReadProcessMemory 59391->59392 59394 29c9757 59392->59394 59394->59325 59396 29c9713 ReadProcessMemory 59395->59396 59398 29c9757 59396->59398 59398->59325

                                                      Executed Functions

                                                      Function 00FD4039 Relevance: 2.8, Strings: 2, Instructions: 341COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 376 fd4039-fd409b 379 fd40a0-fd40b5 376->379 380 fd40bb 379->380 381 fd4633 379->381 382 fd40df-fd40fc 380->382 383 fd4218-fd421c 380->383 384 fd42f8-fd4306 380->384 385 fd42b6-fd42ba 380->385 386 fd41a0-fd41aa 380->386 387 fd4110-fd4124 380->387 388 fd40c2-fd40cd 380->388 435 fd4636 call fd40cf 381->435 436 fd4636 call fd420f 381->436 437 fd4636 call fd40fe 381->437 438 fd4636 call fd4039 381->438 439 fd4636 call fd418a 381->439 440 fd4636 call fd4156 381->440 441 fd4636 call fd4710 381->441 442 fd4636 call fd4700 381->442 382->379 390 fd421e-fd4223 383->390 391 fd4225 383->391 384->379 392 fd464f-fd473d call fd00e4 385->392 393 fd42c0-fd42c7 385->393 386->379 387->379 388->379 389 fd463c-fd464e 394 fd422a 390->394 391->394 401 fd4742 392->401 393->392 396 fd42cd-fd42de 393->396 394->379 396->379 402 fd4747-fd475c 401->402 403 fd4885-fd48ce call fd00f4 402->403 404 fd4762 402->404 431 fd48d0 call fd5d0d 403->431 432 fd48d0 call fd5719 403->432 433 fd48d0 call fd55e8 403->433 434 fd48d0 call fd575a 403->434 404->401 404->403 405 fd47bd-fd47da 404->405 406 fd480d-fd4826 404->406 407 fd47df-fd47f5 404->407 408 fd486e-fd4880 404->408 409 fd483e-fd4869 404->409 410 fd47a9-fd47ad 404->410 411 fd4769-fd4775 404->411 412 fd482b-fd4839 404->412 413 fd478a-fd4795 404->413 414 fd4797-fd47a7 404->414 405->402 406->402 426 fd47fd-fd4808 407->426 408->402 409->402 415 fd47af-fd47b4 410->415 416 fd47b6 410->416 427 fd477d-fd4788 411->427 412->402 413->402 414->402 419 fd47bb 415->419 416->419 419->402 426->402 427->402 430 fd48d6-fd48df 431->430 432->430 433->430 434->430 435->389 436->389 437->389 438->389 439->389 440->389 441->389 442->389
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: P k$S%"
                                                      • API String ID: 0-691170944
                                                      • Opcode ID: 74c6d574818f2aa71283be61bf1b276cf68cb96c73040fc8ca1dd5994061a6da
                                                      • Instruction ID: 9612b9837885de5dc53ef4f637c0afa02801d2c26569aad891ea53dd06ec2760
                                                      • Opcode Fuzzy Hash: 74c6d574818f2aa71283be61bf1b276cf68cb96c73040fc8ca1dd5994061a6da
                                                      • Instruction Fuzzy Hash: 78B16B31B192948FDB058BB4CD5626EBBA2FF86300B24C07FD496AB791C6349D07D762
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BF990 Relevance: 2.8, Strings: 2, Instructions: 299COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 443 96bf990-96bf9b4 444 96bf9e8-96bfa16 call 96bf0c8 443->444 447 96bf9b6-96bf9b9 444->447 448 96bf9bb 447->448 449 96bf9c2-96bf9d6 447->449 448->444 448->449 450 96bfb28-96bfb30 448->450 451 96bfa18-96bfa30 448->451 452 96bfbb8-96bfbff 448->452 453 96bfa3f-96bfaaa call 96bf258 448->453 454 96bfacd-96bfae0 448->454 455 96bfabc-96bfac8 448->455 456 96bfa32-96bfa3a 448->456 457 96bfb67-96bfb9e 448->457 458 96bfb35-96bfb40 448->458 459 96bfc04-96bfc24 448->459 464 96bfc25-96bfca0 449->464 467 96bf9dc-96bf9e6 449->467 450->447 451->447 452->447 512 96bfab2-96bfab7 453->512 463 96bfae6-96bfaee 454->463 454->464 455->447 456->447 457->464 492 96bfba4-96bfbb3 457->492 460 96bfb42-96bfb49 458->460 461 96bfb60-96bfb65 458->461 460->464 466 96bfb4f-96bfb56 460->466 468 96bfb5b 461->468 463->464 472 96bfaf4-96bfb02 463->472 482 96bfcc2-96bfcc7 464->482 466->468 467->447 468->447 472->464 475 96bfb08-96bfb0d 472->475 480 96bfb0f 475->480 481 96bfb16-96bfb1a 475->481 485 96bfb11 480->485 481->464 486 96bfb20-96bfb26 481->486 484 96bfca2-96bfca5 482->484 490 96bfcae-96bfcc0 484->490 491 96bfca7 484->491 485->447 486->485 490->484 491->482 491->490 493 96bfcc9-96bfcd8 491->493 494 96bfd58-96bfd5d 491->494 495 96bfce8-96bfcf0 491->495 496 96bfd4c-96bfd55 491->496 497 96bfd2c-96bfd33 491->497 498 96bfcf2-96bfd06 491->498 499 96bfd16-96bfd27 491->499 492->447 503 96bfcda 493->503 504 96bfce1-96bfce6 493->504 494->484 495->484 505 96bfd3a-96bfd3c 497->505 506 96bfd35-96bfd39 497->506 513 96bfd08-96bfd14 498->513 514 96bfd62-96bfd67 498->514 499->484 509 96bfcdf 503->509 504->509 507 96bfd3e 505->507 508 96bfd45-96bfd4a 505->508 506->505 511 96bfd40 507->511 508->511 509->484 511->484 512->447 513->484
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $Ll$d@l
                                                      • API String ID: 0-1815388069
                                                      • Opcode ID: 20da1d1456ff73c7815e65a784f7eb55eb83924ea6a9b23d05cd1692ce7d2d30
                                                      • Instruction ID: 323cb3920b1716c661dc8d722586dd2b17cf3805368f14e6a0d232f5a3f8fceb
                                                      • Opcode Fuzzy Hash: 20da1d1456ff73c7815e65a784f7eb55eb83924ea6a9b23d05cd1692ce7d2d30
                                                      • Instruction Fuzzy Hash: 55B11271A05205DFD708EFA4C8517BBBBB6FB85300F10846AE5569F3E5EB349882CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BA0B7 Relevance: 1.8, Strings: 1, Instructions: 542COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Il
                                                      • API String ID: 0-3833604918
                                                      • Opcode ID: 457d3c8c624adb08896e0af266050626c983ea0f5005fc6054776b5842be35e2
                                                      • Instruction ID: e0ae1b5b38a646d06cd9870b31364f65d34948bf35ed9880c70b47af94db6027
                                                      • Opcode Fuzzy Hash: 457d3c8c624adb08896e0af266050626c983ea0f5005fc6054776b5842be35e2
                                                      • Instruction Fuzzy Hash: AA220371A05244CFD719DFE8CA556AEBBF5FF42304F24815AE412AF3A1E3359882CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BB2E0 Relevance: 1.6, Strings: 1, Instructions: 379COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 893 96bb2e0-96bb306 894 96bb328-96bb32d 893->894 895 96bb308-96bb30b 894->895 896 96bb30d 895->896 897 96bb314-96bb326 895->897 896->894 896->897 898 96bb36a-96bb36f 896->898 899 96bb3fa-96bb401 896->899 900 96bb32f-96bb33b 896->900 901 96bb3e3-96bb3f7 896->901 902 96bb371-96bb384 896->902 903 96bb3a6-96bb3ae 896->903 904 96bb386-96bb392 896->904 905 96bb365-96bb367 896->905 906 96bb395-96bb3a1 896->906 897->895 898->895 907 96bb413-96bb469 899->907 908 96bb403-96bb40e 899->908 912 96bb33d-96bb341 900->912 913 96bb352-96bb356 900->913 902->895 909 96bb3b0-96bb3b4 903->909 910 96bb3b5-96bb3b7 903->910 904->906 905->898 906->895 999 96bb46e call 96bb2d2 907->999 1000 96bb46e call 96bb4d2 907->1000 1001 96bb46e call 96bb2e0 907->1001 1002 96bb46e call 96bb450 907->1002 908->895 909->910 918 96bb3b9-96bb3c0 910->918 919 96bb3d0-96bb3d4 910->919 912->907 914 96bb347-96bb34b 912->914 913->907 915 96bb35c-96bb363 913->915 920 96bb350 914->920 915->920 918->907 923 96bb3c2-96bb3ca 918->923 919->907 921 96bb3d6-96bb3e1 919->921 920->895 924 96bb3cb 921->924 923->924 924->895 925 96bb474-96bb48f 927 96bb491-96bb49f 925->927 928 96bb4c5-96bb50a 925->928 927->928 929 96bb4a1-96bb4b8 927->929 932 96bb538-96bb53d 928->932 929->928 930 96bb4ba-96bb4c4 929->930 933 96bb50c-96bb50f 932->933 934 96bb518-96bb529 933->934 935 96bb511 933->935 945 96bb61f-96bb694 934->945 956 96bb52f-96bb536 934->956 935->932 935->934 936 96bb59b-96bb5aa 935->936 937 96bb5b9-96bb5c4 935->937 938 96bb5ef-96bb603 935->938 939 96bb53f-96bb54a 935->939 940 96bb561 935->940 941 96bb557-96bb55f 935->941 942 96bb606-96bb60d 935->942 943 96bb596 935->943 944 96bb595 935->944 936->945 947 96bb5ac-96bb5b4 936->947 949 96bb5cb-96bb5cd 937->949 950 96bb5c6-96bb5ca 937->950 951 96bb54c 939->951 952 96bb550-96bb555 939->952 954 96bb569-96bb570 940->954 941->933 942->945 946 96bb60f-96bb61a 942->946 943->936 944->943 964 96bb6b6-96bb6ba 945->964 946->933 947->933 957 96bb5e8-96bb5ed 949->957 958 96bb5cf-96bb5d3 949->958 950->949 953 96bb54e 951->953 952->953 953->933 954->945 960 96bb576-96bb581 954->960 956->933 959 96bb5e3 957->959 958->945 962 96bb5d5-96bb5db 958->962 959->933 960->945 963 96bb587-96bb590 960->963 965 96bb5dd 962->965 966 96bb5e0 962->966 963->933 967 96bb696-96bb699 964->967 965->966 966->959 968 96bb69b 967->968 969 96bb6a2-96bb6b4 967->969 968->964 968->969 970 96bb75b-96bb75d 968->970 971 96bb6fa-96bb70b 968->971 972 96bb728-96bb738 968->972 973 96bb70d-96bb722 968->973 974 96bb6bc-96bb6c8 968->974 975 96bb783-96bb78a 968->975 976 96bb727 968->976 977 96bb754-96bb756 968->977 969->967 980 96bb75f-96bb765 970->980 981 96bb777-96bb780 970->981 971->967 984 96bb73a-96bb73e 972->984 985 96bb73f-96bb741 972->985 973->967 978 96bb6ca-96bb6d1 974->978 979 96bb6e0-96bb6e7 974->979 982 96bb798-96bb79e 975->982 983 96bb78c-96bb793 975->983 976->972 977->967 978->982 989 96bb6d7-96bb6db 978->989 979->982 990 96bb6ed-96bb6f8 979->990 991 96bb769-96bb775 980->991 992 96bb767 980->992 983->967 984->985 987 96bb74d-96bb752 985->987 988 96bb743 985->988 996 96bb748 987->996 988->996 997 96bb6de 989->997 990->997 991->981 992->981 996->967 997->967 999->925 1000->925 1001->925 1002->925
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: DLl
                                                      • API String ID: 0-4230412509
                                                      • Opcode ID: 9d8f622a8772b6e13e3440fbccaa7f1d91bd10088581b6f6b8149b6ecd41859e
                                                      • Instruction ID: 96e62e20b617763bd208276efdea7f8500796c2a710dc99cf45ed73a2455cac8
                                                      • Opcode Fuzzy Hash: 9d8f622a8772b6e13e3440fbccaa7f1d91bd10088581b6f6b8149b6ecd41859e
                                                      • Instruction Fuzzy Hash: 35E1DE31A04255CFCB14CF79C9416EABBF5AF46350F1485ABE066DF2A2E334D982CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD5DD9 Relevance: 1.5, Strings: 1, Instructions: 294COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: SP
                                                      • API String ID: 0-2402715428
                                                      • Opcode ID: c35f867cd8f825c5bb0175fb6029493a6bdb6813780dbf66c662bc3a386e3b5e
                                                      • Instruction ID: ed76bc7c31113c8ebd040b5c1bb264894eea0f0938bec1994e1f3e6eac48fadb
                                                      • Opcode Fuzzy Hash: c35f867cd8f825c5bb0175fb6029493a6bdb6813780dbf66c662bc3a386e3b5e
                                                      • Instruction Fuzzy Hash: 60A1053211E2908FC705CF34C9965667FA3EF4271076A85ABD852DFA93C730D982D7A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD5EB8 Relevance: 1.4, Strings: 1, Instructions: 186COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: SP
                                                      • API String ID: 0-2402715428
                                                      • Opcode ID: f2112b9eecdede232da9431be9bf017ed04abf793eca6a95a8c235e224464133
                                                      • Instruction ID: 3b546cd77f34ad7f4a97d9ed1454dc5ddb086f33a8d824dd9be9d1a90c66ffc7
                                                      • Opcode Fuzzy Hash: f2112b9eecdede232da9431be9bf017ed04abf793eca6a95a8c235e224464133
                                                      • Instruction Fuzzy Hash: A271E332604105CFCB54DF28C58052ABBA7FB80B41BAA4957D907DF796CB30EE41AB96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD4CF4 Relevance: 1.4, Strings: 1, Instructions: 146COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: [ouZ
                                                      • API String ID: 0-2805329659
                                                      • Opcode ID: 7a97a222b78c3ca784f648ea3306dfe474d198b6d23e54fc2785e6e6067abc27
                                                      • Instruction ID: 099c25680165ba52edc374c4ec095f94e9fa41e7d95b593f6511be3a51b9fad3
                                                      • Opcode Fuzzy Hash: 7a97a222b78c3ca784f648ea3306dfe474d198b6d23e54fc2785e6e6067abc27
                                                      • Instruction Fuzzy Hash: EE51A733B06212DBC35CAB348E112AAB357BFC5B0175A5A27900A9E390CA75D951F7D1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09B0F090 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463966686.0000000009AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_9af0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: k)>1
                                                      • API String ID: 0-3940862262
                                                      • Opcode ID: cff1c6190aa08c561094a18b7421b1ebeb2736f3d2a03dfe1e04219e995e0d5e
                                                      • Instruction ID: 50c2426200d7aa9d0ea756d00a9283705be20adcf491e7385bc2dbd292578c9d
                                                      • Opcode Fuzzy Hash: cff1c6190aa08c561094a18b7421b1ebeb2736f3d2a03dfe1e04219e995e0d5e
                                                      • Instruction Fuzzy Hash: 56516E34A0020ADFCB14CF94C5559AEBBF2FFC4344F54C8AAD01AAB6A5E730DA55CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B45BD Relevance: 1.4, Strings: 1, Instructions: 111COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: +D&
                                                      • API String ID: 0-2159063270
                                                      • Opcode ID: 0db0bc6f18dc312b806d4bc4f7b01bc556fb5d1f3deb72525121b4383243d22d
                                                      • Instruction ID: 4e27621efde7899baa6084d86fd685fecacb6dddd5ae28cebc430aaa5506209b
                                                      • Opcode Fuzzy Hash: 0db0bc6f18dc312b806d4bc4f7b01bc556fb5d1f3deb72525121b4383243d22d
                                                      • Instruction Fuzzy Hash: F341F337A04155CBCB04CF68D9446FEB3A2BB45381F4A8A72E545AF2B3EB34D891C746
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096A1138 Relevance: .9, Instructions: 927COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1462960682.00000000096A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96a0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2698e751a610f83c58c06136b7300c46563dfa5afdb1929bbc0dafd9dcd4aee0
                                                      • Instruction ID: 7da74c6ba9ec8e79ad69ded3281c49feae5e2488dd166a11cc988497e11770ea
                                                      • Opcode Fuzzy Hash: 2698e751a610f83c58c06136b7300c46563dfa5afdb1929bbc0dafd9dcd4aee0
                                                      • Instruction Fuzzy Hash: A6A21C31E106598FCB25DF68C8586EDB7B1FF89300F1482A9D94AA7351EB74AE85CF40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B9CF0 Relevance: .8, Instructions: 847COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e04f3c4deb69de1c75ccdb1febf76540d0a55601075993ad7de95a9004c449db
                                                      • Instruction ID: ceb1dff68b959937efd4220add05eeae59e28660b03ed0455449a735cb638b63
                                                      • Opcode Fuzzy Hash: e04f3c4deb69de1c75ccdb1febf76540d0a55601075993ad7de95a9004c449db
                                                      • Instruction Fuzzy Hash: FF52E130B002148FDB08AB78C894BAE77A7EFC5760B648569D41ADB3E5DF34DC4287A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B2420 Relevance: .7, Instructions: 668COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c43dcbbe6834a029851b76cff118727be8e99038afb41f8f3f1afc57fb961370
                                                      • Instruction ID: d67f5f7d663bfb1794226e8ee3782a5b0d4602c7b5c99447b297b088ee1a709f
                                                      • Opcode Fuzzy Hash: c43dcbbe6834a029851b76cff118727be8e99038afb41f8f3f1afc57fb961370
                                                      • Instruction Fuzzy Hash: 05520530A10605CFDB14DF68C588A9DBBF2FF88754F6585A8D44A9B3A1DB34EC86CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BE498 Relevance: .5, Instructions: 512COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 72dc0a2b587703fcb2251fa6bc4771d50096d99741568f23b462640b35b6f873
                                                      • Instruction ID: 0c3251aa10697ad282507a585572666c6558c0c94556c7c71da12fe3ee956ed8
                                                      • Opcode Fuzzy Hash: 72dc0a2b587703fcb2251fa6bc4771d50096d99741568f23b462640b35b6f873
                                                      • Instruction Fuzzy Hash: 9532FC71E1061A8FCB14DF68C880ADDF7B1FF89300F1186AAD459A7255EB70A9C5CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BE641 Relevance: .4, Instructions: 378COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 970d23e33a10547de1c8261fd8a4eff95ba50aa50c93210af0a85cd4aa17698d
                                                      • Instruction ID: ea42f2da7c3cf440b001c2b6d844334e495100a76cdda3d367a5ac59b7ce1755
                                                      • Opcode Fuzzy Hash: 970d23e33a10547de1c8261fd8a4eff95ba50aa50c93210af0a85cd4aa17698d
                                                      • Instruction Fuzzy Hash: 5612B775D1061A8FCB15DF68C880AD9F7B1FF89300F15C6AAD859A7215EB70AAC5CF80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2E1928 Relevance: .2, Instructions: 238COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465953316.000000000B2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f756434540aa7cb397fa05569e2c0be7d76586251c963e7281c4a29c433f756
                                                      • Instruction ID: 59d5002c41bb335b8672a9242ed306e8ac4bb617ceb476b0422ff8bf7c555864
                                                      • Opcode Fuzzy Hash: 2f756434540aa7cb397fa05569e2c0be7d76586251c963e7281c4a29c433f756
                                                      • Instruction Fuzzy Hash: 2BA1E731928156CFC710CF6AC4847BABBF2AF45602F8981BAD4B9FB295D374C950CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B7A00 Relevance: .2, Instructions: 206COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cb6f21446742471a5a142b3b49f546a8f354ecda29da63fe0f0aab72c285a61b
                                                      • Instruction ID: cd8f8aff26455b7642bd644277569f1960423100d1ac5a90741adea0c3fb128b
                                                      • Opcode Fuzzy Hash: cb6f21446742471a5a142b3b49f546a8f354ecda29da63fe0f0aab72c285a61b
                                                      • Instruction Fuzzy Hash: B9711530A09346CFC31A8F74C9566A9BFB5EFC6300B1485AFD055DF6A2E7748942CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD4700 Relevance: .1, Instructions: 145COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5d3013e4cefb6371b957933f582e78b4578dbe0d4f2e8bb605c2613be2f82824
                                                      • Instruction ID: ab7884a2c6379a5af90f3bb9ac5b67a9a9a1b50f9b46d758e3b14897f4ef43e7
                                                      • Opcode Fuzzy Hash: 5d3013e4cefb6371b957933f582e78b4578dbe0d4f2e8bb605c2613be2f82824
                                                      • Instruction Fuzzy Hash: FA51D235B001548FDB04CBA48C45BBEBBF7BB89700F25846BE406EB391CB359D059B62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD4710 Relevance: .1, Instructions: 136COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 86cca7f55289ca7547020a511466ac9d0349b12175ff26da86cec2e26883d2e7
                                                      • Instruction ID: 2e515e36fe4730ab27c0c1022b4726ba9c75c3635967103e0724ceea15254c08
                                                      • Opcode Fuzzy Hash: 86cca7f55289ca7547020a511466ac9d0349b12175ff26da86cec2e26883d2e7
                                                      • Instruction Fuzzy Hash: C441B235B001558FDB08CBA8CC4577EB6F7FB89700F25846AE506EB390CB759D019B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029CDF11 Relevance: .1, Instructions: 127COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6a78e6c2c4d7261800a5775731fbfcb48febdeda61623b618fc627b1020da2df
                                                      • Instruction ID: b4daa58f4af6a82551d77d1b09382cbe47cdf4e44eb815e127d9d27fc16c31b2
                                                      • Opcode Fuzzy Hash: 6a78e6c2c4d7261800a5775731fbfcb48febdeda61623b618fc627b1020da2df
                                                      • Instruction Fuzzy Hash: B7511375909268CFCB20DF64C944BE8B7B8FB4A301F1098EAD44EA3291C7319A85CF52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B79F1 Relevance: .1, Instructions: 117COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f079304bbd402099e25be006839222b6f1fc2e2ee90f8d39762de3b5e76a2709
                                                      • Instruction ID: 140243dcf34f9344914988a700905b67410244a4ac087b277b14f69743a6f708
                                                      • Opcode Fuzzy Hash: f079304bbd402099e25be006839222b6f1fc2e2ee90f8d39762de3b5e76a2709
                                                      • Instruction Fuzzy Hash: EB41E471A1420ACFD740DFA9D9417BAFBA6BBD8300F14C56AE419DF681E770C981CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029CE27B Relevance: .1, Instructions: 107COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f1ef017fb1d89afec66754ad2a9b3e5f65f04a82cbf7b90383d7c26c2bd2eaa
                                                      • Instruction ID: aa94431617846114b8066436580694a04ab82573f819426b1a03f0c0f01de2e3
                                                      • Opcode Fuzzy Hash: 2f1ef017fb1d89afec66754ad2a9b3e5f65f04a82cbf7b90383d7c26c2bd2eaa
                                                      • Instruction Fuzzy Hash: FA41EF75905268CFCB20DF64C844BEDB7B9BB4A305F2094EAE40EA7251CB31AA85CF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029CE1B7 Relevance: .1, Instructions: 97COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d7e04e3024e43e252b867f81b51f3a1d2f08060e7e854ec04acaf8a636938f8d
                                                      • Instruction ID: 13de129ca00f158289dc4cc4c6ae136041e70fae0fed07f1e782836ee189d373
                                                      • Opcode Fuzzy Hash: d7e04e3024e43e252b867f81b51f3a1d2f08060e7e854ec04acaf8a636938f8d
                                                      • Instruction Fuzzy Hash: 9141BE74905268CFCB20DF64C944BE9BBB9BB4A305F1094EAE44EA3251D7319A85CF52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029CDBC1 Relevance: .1, Instructions: 82COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dda4d904e6c6d4af1f78ebeb481219cc8f7422d564ec49d92464d4221f63048e
                                                      • Instruction ID: 3c8b95163f2a88eedf653b2c8d801ad0e3d025848db89e90290b585e3c8b0b61
                                                      • Opcode Fuzzy Hash: dda4d904e6c6d4af1f78ebeb481219cc8f7422d564ec49d92464d4221f63048e
                                                      • Instruction Fuzzy Hash: 8C3186B1D086588BEB58CF6BD8047DEBAF6AFC9304F14D1BE840DA6254DB740A85CF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029CDE28 Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a577263fed67514969b5bc68a0bdb2a15b0efb89047036f2a86cbd8ccf51300a
                                                      • Instruction ID: 4fecf2d7c35717d5bbbaf0a16c0aa4417a65e02db274227491d68bb3b60189d3
                                                      • Opcode Fuzzy Hash: a577263fed67514969b5bc68a0bdb2a15b0efb89047036f2a86cbd8ccf51300a
                                                      • Instruction Fuzzy Hash: 6FE0127594E184CFCB00DF94E8540F8BBBC9B4F311F2178A9E18FA3212D6315954DA13
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09B02E68 Relevance: 5.7, Strings: 4, Instructions: 722COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463966686.0000000009AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_9af0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$@$@$@
                                                      • API String ID: 0-3310854385
                                                      • Opcode ID: 5ed489b95ce818a3c1e9f18645a7ea05dbafdc72b2dc697219f096cfe39f8887
                                                      • Instruction ID: cadef24544a8ce588cf89312dad6c8d9d594489afc6ffa1ad763b6c170fa9754
                                                      • Opcode Fuzzy Hash: 5ed489b95ce818a3c1e9f18645a7ea05dbafdc72b2dc697219f096cfe39f8887
                                                      • Instruction Fuzzy Hash: 59424A307006058FDB24DF68C4A9BAEBBE2EFC9760F1485A9E456DB2E1DB35D841CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BD205 Relevance: 3.0, Strings: 2, Instructions: 451COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 285 96bd205-96bd20f 286 96bd219-96bd27e 285->286 290 96bd280 286->290 291 96bd287-96bd288 286->291 290->291 292 96bd2df-96bd2e5 291->292 293 96bd28a-96bd2ac 292->293 294 96bd2e7-96bd3a9 292->294 295 96bd2ae 293->295 296 96bd2b3-96bd2dc 293->296 305 96bd3ab-96bd3e4 294->305 306 96bd3ea-96bd3ee 294->306 295->296 296->292 305->306 307 96bd42f-96bd433 306->307 308 96bd3f0-96bd429 306->308 309 96bd435-96bd46e 307->309 310 96bd474-96bd478 307->310 308->307 309->310 312 96bd47e-96bd496 310->312 313 96bd4fc-96bd557 310->313 316 96bd49c-96bd4a3 312->316 317 96bd176-96bd17a 312->317 332 96bd559-96bd58c 313->332 333 96bd58e-96bd5b8 313->333 319 96bd4ea-96bd4ee 316->319 320 96bd1c9-96bd1ff 317->320 321 96bd17c-96bd1b4 317->321 322 96bd052-96bd056 319->322 323 96bd4f4-96bd4fa 319->323 320->285 334 96bd09d-96bd0aa 320->334 344 96bd669-96bd66e 321->344 324 96bd06b-96bd071 322->324 325 96bd058-96bd066 322->325 323->313 326 96bd4a5-96bd4e7 323->326 331 96bd0bc-96bd0c0 324->331 330 96bd0eb-96bd11d 325->330 326->319 360 96bd11f-96bd12b 330->360 361 96bd147 330->361 339 96bd073-96bd07f 331->339 340 96bd0c2-96bd0d9 331->340 353 96bd5c1-96bd62e 332->353 333->353 336 96bd00f-96bd033 334->336 337 96bd0b0-96bd0b7 334->337 356 96bd0e1-96bd0e5 336->356 337->340 342 96bd081 339->342 343 96bd086-96bd08b 339->343 347 96bd0db-96bd0de 340->347 348 96bd08e-96bd094 340->348 342->343 343->348 349 96bd670-96bd67e 344->349 350 96bd685-96bd6a4 344->350 347->356 351 96bd0b9 348->351 352 96bd096-96bd09a 348->352 349->350 362 96bd6aa-96bd6b1 350->362 363 96bcfc7-96bd718 350->363 351->331 352->334 373 96bd634-96bd640 353->373 356->330 359 96bd038-96bd04f 356->359 359->322 365 96bd12d-96bd133 360->365 366 96bd135-96bd13b 360->366 368 96bd14d-96bd173 361->368 370 96bd145 365->370 366->370 368->317 370->368 375 96bd647-96bd65a 373->375 375->344
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: :$~
                                                      • API String ID: 0-2431124681
                                                      • Opcode ID: b787e0fda9c5b6f7e9fb2968026b6f89fd34b1757384ca276690668d43d1f3dd
                                                      • Instruction ID: 455129dbf6c9ec326120058c9ef432c01f9a39557dd010c1267b5275a84da463
                                                      • Opcode Fuzzy Hash: b787e0fda9c5b6f7e9fb2968026b6f89fd34b1757384ca276690668d43d1f3dd
                                                      • Instruction Fuzzy Hash: 9F22B375900218DFDB15CFA8C994ED9BBB2FF48304F1580E9E509AB262E732E991DF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BAED0 Relevance: 2.6, Strings: 2, Instructions: 105COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 540 96baed0-96baef8 541 96baefa-96baefd 540->541 542 96baf2d-96baf35 540->542 543 96baeff 541->543 544 96baf06-96baf1a 541->544 542->541 543->542 543->544 545 96bafc8-96bafda 543->545 546 96baf68-96baf6c 543->546 547 96bafdf-96bafe9 543->547 548 96baf7f-96baf86 543->548 549 96bb01e-96bb031 543->549 550 96bafb1-96bafc3 543->550 551 96baff0-96bb001 543->551 552 96baf37-96baf4a 543->552 553 96baf95-96baf9b 543->553 554 96bb034-96bb039 543->554 560 96bb03e-96bb046 544->560 566 96baf20-96baf2b 544->566 545->541 546->560 561 96baf72-96baf7d 546->561 547->551 548->560 562 96baf8c-96baf93 548->562 550->541 556 96bb00b-96bb00f 551->556 557 96bb003 551->557 558 96baf4c 552->558 559 96baf53-96baf57 552->559 553->560 563 96bafa1-96bafac 553->563 554->541 556->560 570 96bb011-96bb01c 556->570 567 96bb006 557->567 558->546 558->548 568 96baf66 558->568 559->560 571 96baf5d-96baf61 559->571 561->568 562->568 563->541 566->541 567->541 568->541 570->549 570->567 571->568
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: Jl$4Jl
                                                      • API String ID: 0-825052506
                                                      • Opcode ID: 3b0e677f8e9333dbab12766f01c9579bf5a992346ed0074d30cc47f81d94a31f
                                                      • Instruction ID: 9a9dbad17a5bff5c52f425e8439c1c1ddc9ed406a3ff338882d001813dcc02a7
                                                      • Opcode Fuzzy Hash: 3b0e677f8e9333dbab12766f01c9579bf5a992346ed0074d30cc47f81d94a31f
                                                      • Instruction Fuzzy Hash: 7941AC70A04244CFC724CFAAD484AFAB7F1FB09340F80816AE1669B781D331E986CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C9C8D Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 778 29c9c8d-29c9d2d 781 29c9d2f-29c9d39 778->781 782 29c9d66-29c9d86 778->782 781->782 783 29c9d3b-29c9d3d 781->783 789 29c9dbf-29c9dee 782->789 790 29c9d88-29c9d92 782->790 785 29c9d3f-29c9d49 783->785 786 29c9d60-29c9d63 783->786 787 29c9d4d-29c9d5c 785->787 788 29c9d4b 785->788 786->782 787->787 791 29c9d5e 787->791 788->787 796 29c9e27-29c9ee1 CreateProcessA 789->796 797 29c9df0-29c9dfa 789->797 790->789 792 29c9d94-29c9d96 790->792 791->786 794 29c9d98-29c9da2 792->794 795 29c9db9-29c9dbc 792->795 798 29c9da4 794->798 799 29c9da6-29c9db5 794->799 795->789 810 29c9eea-29c9f70 796->810 811 29c9ee3-29c9ee9 796->811 797->796 800 29c9dfc-29c9dfe 797->800 798->799 799->799 801 29c9db7 799->801 802 29c9e00-29c9e0a 800->802 803 29c9e21-29c9e24 800->803 801->795 805 29c9e0c 802->805 806 29c9e0e-29c9e1d 802->806 803->796 805->806 806->806 807 29c9e1f 806->807 807->803 821 29c9f80-29c9f84 810->821 822 29c9f72-29c9f76 810->822 811->810 824 29c9f94-29c9f98 821->824 825 29c9f86-29c9f8a 821->825 822->821 823 29c9f78 822->823 823->821 827 29c9fa8-29c9fac 824->827 828 29c9f9a-29c9f9e 824->828 825->824 826 29c9f8c 825->826 826->824 830 29c9fbe-29c9fc5 827->830 831 29c9fae-29c9fb4 827->831 828->827 829 29c9fa0 828->829 829->827 832 29c9fdc 830->832 833 29c9fc7-29c9fd6 830->833 831->830 835 29c9fdd 832->835 833->832 835->835
                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 029C9ECE
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 90b20f9b8d8202cc379d79b2b7a58ca68b8e9358434aec4db19c6444878519e8
                                                      • Instruction ID: 24776a8b8ec3d52b22d2623224be64fbd2f10598d88f7c28f0b9502a2351c913
                                                      • Opcode Fuzzy Hash: 90b20f9b8d8202cc379d79b2b7a58ca68b8e9358434aec4db19c6444878519e8
                                                      • Instruction Fuzzy Hash: 27914A71D00219DFEF20CF69C840BEEBBB6BF48304F148569E819A7280DB759985CF92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C9C98 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 836 29c9c98-29c9d2d 838 29c9d2f-29c9d39 836->838 839 29c9d66-29c9d86 836->839 838->839 840 29c9d3b-29c9d3d 838->840 846 29c9dbf-29c9dee 839->846 847 29c9d88-29c9d92 839->847 842 29c9d3f-29c9d49 840->842 843 29c9d60-29c9d63 840->843 844 29c9d4d-29c9d5c 842->844 845 29c9d4b 842->845 843->839 844->844 848 29c9d5e 844->848 845->844 853 29c9e27-29c9ee1 CreateProcessA 846->853 854 29c9df0-29c9dfa 846->854 847->846 849 29c9d94-29c9d96 847->849 848->843 851 29c9d98-29c9da2 849->851 852 29c9db9-29c9dbc 849->852 855 29c9da4 851->855 856 29c9da6-29c9db5 851->856 852->846 867 29c9eea-29c9f70 853->867 868 29c9ee3-29c9ee9 853->868 854->853 857 29c9dfc-29c9dfe 854->857 855->856 856->856 858 29c9db7 856->858 859 29c9e00-29c9e0a 857->859 860 29c9e21-29c9e24 857->860 858->852 862 29c9e0c 859->862 863 29c9e0e-29c9e1d 859->863 860->853 862->863 863->863 864 29c9e1f 863->864 864->860 878 29c9f80-29c9f84 867->878 879 29c9f72-29c9f76 867->879 868->867 881 29c9f94-29c9f98 878->881 882 29c9f86-29c9f8a 878->882 879->878 880 29c9f78 879->880 880->878 884 29c9fa8-29c9fac 881->884 885 29c9f9a-29c9f9e 881->885 882->881 883 29c9f8c 882->883 883->881 887 29c9fbe-29c9fc5 884->887 888 29c9fae-29c9fb4 884->888 885->884 886 29c9fa0 885->886 886->884 889 29c9fdc 887->889 890 29c9fc7-29c9fd6 887->890 888->887 892 29c9fdd 889->892 890->889 892->892
                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 029C9ECE
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 989615aa1ebe446f4288b543c91fc2c8e3947d0d9801ce90363e344e052b9874
                                                      • Instruction ID: 7f58691876e8839d0720553f4fad4348caf36c3f8e207cdcada8cf1bcab09680
                                                      • Opcode Fuzzy Hash: 989615aa1ebe446f4288b543c91fc2c8e3947d0d9801ce90363e344e052b9874
                                                      • Instruction Fuzzy Hash: 6E913971D00319DFEB20DF69C841BEEBBB6BF48314F148569E809A7280DB759985CF92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD9F94 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1003 fd9f94-fdb4b9 CreateActCtxA 1006 fdb4bb-fdb4c1 1003->1006 1007 fdb4c2-fdb51c 1003->1007 1006->1007 1014 fdb51e-fdb521 1007->1014 1015 fdb52b-fdb52f 1007->1015 1014->1015 1016 fdb531-fdb53d 1015->1016 1017 fdb540 1015->1017 1016->1017
                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 00FDB4A9
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: 25e9c24d0590d40ef372f17bcf7449162b4ac1c1e531d83f817dfbe4984cb29c
                                                      • Instruction ID: 1485a19a0f7de581e31f4b48b3207ad3f8e1d2f57f19b822dec91ccabb9fb0b5
                                                      • Opcode Fuzzy Hash: 25e9c24d0590d40ef372f17bcf7449162b4ac1c1e531d83f817dfbe4984cb29c
                                                      • Instruction Fuzzy Hash: AE41D0B0C00718CBEB24CFA9C844BDEBBF6BF49704F24806AD419AB255DB756945CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C95D0 Relevance: 1.6, APIs: 1, Instructions: 71injectionCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1019 29c95d0-29c9626 1021 29c9628-29c9634 1019->1021 1022 29c9636-29c9675 WriteProcessMemory 1019->1022 1021->1022 1024 29c967e-29c96ae 1022->1024 1025 29c9677-29c967d 1022->1025 1025->1024
                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 029C9668
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: a8078db04d1ca1c0dd0c570fc6ec1785370795f79c1786458105092d9629e401
                                                      • Instruction ID: b2f28ad63fe279dd8a187e254a57caa51dc783f52be38f9bb77e19f3fa710e20
                                                      • Opcode Fuzzy Hash: a8078db04d1ca1c0dd0c570fc6ec1785370795f79c1786458105092d9629e401
                                                      • Instruction Fuzzy Hash: BE2157719003499FDF10DFAAC985BEEBBF5FF48314F10842AE919A7250C7789944CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C95D8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1029 29c95d8-29c9626 1031 29c9628-29c9634 1029->1031 1032 29c9636-29c9675 WriteProcessMemory 1029->1032 1031->1032 1034 29c967e-29c96ae 1032->1034 1035 29c9677-29c967d 1032->1035 1035->1034
                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 029C9668
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 4e4a794d84680d17e4db4a79490656ee75d2fe5ef6b46d7ef8abc40424d632f6
                                                      • Instruction ID: fa5ccd6e07c898498addf3bb04eca4b52c3a1bb601317b073fa8e95085ad15e5
                                                      • Opcode Fuzzy Hash: 4e4a794d84680d17e4db4a79490656ee75d2fe5ef6b46d7ef8abc40424d632f6
                                                      • Instruction Fuzzy Hash: 462169719003499FDB10DFAAC984BEEBBF5FF48310F10842AE918A7240C7789944CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD900B Relevance: 1.6, APIs: 1, Instructions: 66memoryCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1039 fd900b-fd90a8 VirtualProtect 1042 fd90aa-fd90b0 1039->1042 1043 fd90b1-fd90d2 1039->1043 1042->1043
                                                      APIs
                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00FD909B
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: fde2740fec2846c111a3d07a3297e84d0b63af4cf30d5be2ff76f5de8ae74f9e
                                                      • Instruction ID: 4077af10b57f107efbdfac0fa0bff6878479e279a8792f3c60bc6a8cc84368b0
                                                      • Opcode Fuzzy Hash: fde2740fec2846c111a3d07a3297e84d0b63af4cf30d5be2ff76f5de8ae74f9e
                                                      • Instruction Fuzzy Hash: 432129719043499FCB10CFAAC884BDEBFF4EB48310F14846AE568A7251C3789945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C96C1 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 029C9748
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: cdc03f0bd45d0595823f49f0ac4eda7cdab945cc4fb883282d5c223c49f37589
                                                      • Instruction ID: 864ea5878d3cd9dc512e7ed6dbf1207cffabbc251e18565dbf799aa65ab0d00d
                                                      • Opcode Fuzzy Hash: cdc03f0bd45d0595823f49f0ac4eda7cdab945cc4fb883282d5c223c49f37589
                                                      • Instruction Fuzzy Hash: 4A2105718003499FDB14CFAAC884BEEBBF5FF48310F10882AE519A7250C7799541DFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C9439 Relevance: 1.6, APIs: 1, Instructions: 65threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 029C94BE
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: ContextThreadWow64
                                                      • String ID:
                                                      • API String ID: 983334009-0
                                                      • Opcode ID: 74c30fdfe63f0fe76c5326d81dd0feeb283ce0a011dec83168a8eb085d91e79b
                                                      • Instruction ID: 6bcb0f80b5135b5d5bf150b0c017f59ca4c8a3b39cc4173c024bf898f14dbd02
                                                      • Opcode Fuzzy Hash: 74c30fdfe63f0fe76c5326d81dd0feeb283ce0a011dec83168a8eb085d91e79b
                                                      • Instruction Fuzzy Hash: E52125719003098FEB24CFAAC4857EEBBF4AF88314F24842ED419A7250C7789945CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C96C8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 029C9748
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: 327f4b55d106df5a1deed2a893bfe7c9d3b9de8051a682cb4e55f6559e70dbe2
                                                      • Instruction ID: d5e94af03594931b9e88b6780c3327bf1c7f4cbee41cd8827715a60366c9031a
                                                      • Opcode Fuzzy Hash: 327f4b55d106df5a1deed2a893bfe7c9d3b9de8051a682cb4e55f6559e70dbe2
                                                      • Instruction Fuzzy Hash: 112128718003499FDB10CFAAC884BEEBBF5FF48310F10882AE518A7250C7799500DBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C9440 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 029C94BE
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: ContextThreadWow64
                                                      • String ID:
                                                      • API String ID: 983334009-0
                                                      • Opcode ID: 3be6845a1d35158f56671a0b4619fe9c58ba1b266c5406b3c395b671422b204d
                                                      • Instruction ID: 26c86cbc8045d7da4d75b6b78102bb9a994a74c9fb00b4ab32d330229a245490
                                                      • Opcode Fuzzy Hash: 3be6845a1d35158f56671a0b4619fe9c58ba1b266c5406b3c395b671422b204d
                                                      • Instruction Fuzzy Hash: ED2127729003098FEB10DFAAC4857EEBBF4EF48314F14842EE419A7240CB78A945CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C9511 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 029C9586
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 4dcc2f6d50b889c375b233e2c6f4755dacce4eda1869ac7a43f7ae854fa531f8
                                                      • Instruction ID: 0907810a90d826743c6bc9a909995c2eaaf0e7daa0a7f52fd042a7ed51c4e57c
                                                      • Opcode Fuzzy Hash: 4dcc2f6d50b889c375b233e2c6f4755dacce4eda1869ac7a43f7ae854fa531f8
                                                      • Instruction Fuzzy Hash: 792136728003489FDB24CFA9C845BEEBBF5EF88314F24881AE529A7250C7759940CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD9028 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00FD909B
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 4f2fc3d38063eb1c918568644d59e8b051bafb5820bb40cff11a4d323eefa60b
                                                      • Instruction ID: 15482bde368965e31939389f977e5a1c737f76ac06034930f81a7492c56c1c0c
                                                      • Opcode Fuzzy Hash: 4f2fc3d38063eb1c918568644d59e8b051bafb5820bb40cff11a4d323eefa60b
                                                      • Instruction Fuzzy Hash: BD2117B19002499FCB10CFAAC484BDEFBF4FB48320F14842AE868A3250D378A544CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C9518 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 029C9586
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 945c78598233d3d14fb67003204ceb92e084ad366b0c3fd0a12818660697b844
                                                      • Instruction ID: e261c20a38e4a82614a0009f407ef276c6739fba38404b8d735430a8912fd6c2
                                                      • Opcode Fuzzy Hash: 945c78598233d3d14fb67003204ceb92e084ad366b0c3fd0a12818660697b844
                                                      • Instruction Fuzzy Hash: CC113A729003489FDB10DFAAC844BEFBBF5EF48314F14841AE519A7250C775A540DFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C9388 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: e103b627bd59ed2708ea1494620ba3d68f344b6d3e44167318facb7656f071c9
                                                      • Instruction ID: e2e5b8719d64956b71ac1d87f5befdc98935b14ad978066ece3253ff32aa30f9
                                                      • Opcode Fuzzy Hash: e103b627bd59ed2708ea1494620ba3d68f344b6d3e44167318facb7656f071c9
                                                      • Instruction Fuzzy Hash: 791116B1D003488FDB24DFAAC4457EFBBF5EB88314F24845AD419A7250C779A944CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029CEC88 Relevance: 1.6, APIs: 1, Instructions: 50windowCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 029CECED
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: MessagePost
                                                      • String ID:
                                                      • API String ID: 410705778-0
                                                      • Opcode ID: 2b1fcc6d0cf8fe874ecc246731c594408cbe9c2f07eafeca5bf6499a74b5f32a
                                                      • Instruction ID: 2fbf7cd37d22af2497e0718db4ffb837bcd94875e28948cb31e923896bc7122f
                                                      • Opcode Fuzzy Hash: 2b1fcc6d0cf8fe874ecc246731c594408cbe9c2f07eafeca5bf6499a74b5f32a
                                                      • Instruction Fuzzy Hash: F51106B58003499FDB21DF9AD489BEEFBF8FB48314F24841AE459A3210C375A544CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C9390 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: 83eb8b2dd80cd6e87cd65d35fe1c84e6e9de1c3809cde97178c05eca4732fa88
                                                      • Instruction ID: 2057bceac7a5d722d7d88ba45e5f394837520704a13368b01d63f1642c41016e
                                                      • Opcode Fuzzy Hash: 83eb8b2dd80cd6e87cd65d35fe1c84e6e9de1c3809cde97178c05eca4732fa88
                                                      • Instruction Fuzzy Hash: 441128719003488BDB20DFAAC4447EFFBF4AB88314F24841AD419A7240CB79A544CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C7ED4 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 029CECED
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: MessagePost
                                                      • String ID:
                                                      • API String ID: 410705778-0
                                                      • Opcode ID: e719b81e3994fcf5e30713ef878c19f45a1d8cbaef1ce0c4ab243e7fbcdae146
                                                      • Instruction ID: d612895a53764e48d840af230f76c8d055d71c14e4db872741e49366a0ee32ee
                                                      • Opcode Fuzzy Hash: e719b81e3994fcf5e30713ef878c19f45a1d8cbaef1ce0c4ab243e7fbcdae146
                                                      • Instruction Fuzzy Hash: A31106B58003489FDB11DF9AC885BDEBBF8EB48314F208459E559A7200C375A944CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09B006DC Relevance: 1.4, Strings: 1, Instructions: 137COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463966686.0000000009AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_9af0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: D l
                                                      • API String ID: 0-3186346649
                                                      • Opcode ID: 4d2b96b19f71ef492d55b42028d040ec2aefa5ccefb36e8804a3ca3f0a24e4d3
                                                      • Instruction ID: ce3410e6c26fdd9335dbf480d552dd8c7a40749a9ebe399ff62f44e0362c110b
                                                      • Opcode Fuzzy Hash: 4d2b96b19f71ef492d55b42028d040ec2aefa5ccefb36e8804a3ca3f0a24e4d3
                                                      • Instruction Fuzzy Hash: 27517F302006059FC714DF28D898AAA7BE2FFC5764F1486A9F509CB3A1DB71EC45CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B85C9 Relevance: 1.3, Strings: 1, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0,$q
                                                      • API String ID: 0-919746613
                                                      • Opcode ID: 09b3555a795b50133fa4ff96776e6e1692932c966b09b0282b6567bcfbc77704
                                                      • Instruction ID: 539a16a807ed8f376f5e26f15cdb03f0f8ecd671d3330f30327dd60e61f34add
                                                      • Opcode Fuzzy Hash: 09b3555a795b50133fa4ff96776e6e1692932c966b09b0282b6567bcfbc77704
                                                      • Instruction Fuzzy Hash: A7F0A0312402449FCB19EB25E8108AE7FEEAFC2661715826BE416CB271DAB44D0287E5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B85D8 Relevance: 1.3, Strings: 1, Instructions: 23COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0,$q
                                                      • API String ID: 0-919746613
                                                      • Opcode ID: e62cd694794620ecfd8f77e6c2781e65ca02b5a5c9f499fe011ad0fe8e8b51e4
                                                      • Instruction ID: f86a9872b1f2b595c02f5fe451b8b5b076385b9575dacde32e1b3c623715386d
                                                      • Opcode Fuzzy Hash: e62cd694794620ecfd8f77e6c2781e65ca02b5a5c9f499fe011ad0fe8e8b51e4
                                                      • Instruction Fuzzy Hash: E5E0863630061457CB18B72AE9108EE779FAFC4AA1714852AE80587360DFB05D4283E9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B8837 Relevance: .7, Instructions: 713COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e275cb8d9bddcc53c04dd29ab4ddc5c7fe89bd593047cdd779acbe97869466bf
                                                      • Instruction ID: be511c149c75f99d6881162aba20380588f62b58446467aa0e294ffde659226f
                                                      • Opcode Fuzzy Hash: e275cb8d9bddcc53c04dd29ab4ddc5c7fe89bd593047cdd779acbe97869466bf
                                                      • Instruction Fuzzy Hash: F342E271A00304DFEB15DFA8C4957EDBBA6FF84750F20842AE405AF391DB749882CB5A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B6B04 Relevance: .6, Instructions: 582COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8a7391c286defd22f13ec7819cfd5e8cc68168731994db62d7c531c22f97ac5f
                                                      • Instruction ID: eb0e2d4c6405bef247083741815b4180b38b6962b4dd5d3dc52ac87163037745
                                                      • Opcode Fuzzy Hash: 8a7391c286defd22f13ec7819cfd5e8cc68168731994db62d7c531c22f97ac5f
                                                      • Instruction Fuzzy Hash: AB323830B102058FDB19EF68D494AADB7F2EF89710F5585A8E4099B3A1DF35EC86CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B8A20 Relevance: .4, Instructions: 394COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7c191f552440e63f3d1e19e0d8216fda790bd577b95ed7135593fb9c5cd9c2ba
                                                      • Instruction ID: 5d5938a56e0dcafd8ed2d96d44c38e548e5480b831414f0fc0d74403cde25a9e
                                                      • Opcode Fuzzy Hash: 7c191f552440e63f3d1e19e0d8216fda790bd577b95ed7135593fb9c5cd9c2ba
                                                      • Instruction Fuzzy Hash: 19E18D70B00244DFEB149FA8D859BFD77A6BB84741F24842AF506AF395EB708C82CB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B4128 Relevance: .4, Instructions: 363COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 80245440f85e83d94d8a38a9adb7c9976443dbf48ce246c11a760c23d0e7c7ab
                                                      • Instruction ID: a72b70903823709a05803c716da3cabb02802bda6c6c155435b8c33fa1daf589
                                                      • Opcode Fuzzy Hash: 80245440f85e83d94d8a38a9adb7c9976443dbf48ce246c11a760c23d0e7c7ab
                                                      • Instruction Fuzzy Hash: 67D15E31B002148FDB14DFA9C4446AEBBA2EFC4311F25C16AE5199F366EA30DC85CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BB600 Relevance: .3, Instructions: 343COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 07a32b6a7628b8738b4d75ef0df50159546f8e3712765ab0905c72574ed9b837
                                                      • Instruction ID: fc806e32674ae7027736a1e2e27e5b61d963e80d3c271a6890d1703efc748cc9
                                                      • Opcode Fuzzy Hash: 07a32b6a7628b8738b4d75ef0df50159546f8e3712765ab0905c72574ed9b837
                                                      • Instruction Fuzzy Hash: 63D180306107058FC729EF79C495EAAB7B6EF89350B144A6AE1528B3E1CF35D986CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B8BF0 Relevance: .3, Instructions: 306COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1043661d941d4f866a754d86115e08e95b2fd915ed36017660dc540d5fb1974b
                                                      • Instruction ID: 7ffa339dc9f3a3352fa2258c4587b3f1efa21e697d525037ffdca9fe6dc3d2b1
                                                      • Opcode Fuzzy Hash: 1043661d941d4f866a754d86115e08e95b2fd915ed36017660dc540d5fb1974b
                                                      • Instruction Fuzzy Hash: B1C12535A10205CFCB54DF68C598EADB7F6BF88750B1585A9E40AEB3A1DB31EC41CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B1388 Relevance: .3, Instructions: 296COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: edf885f4b1cf9ed05e89182a08c09732d4236840dfbcec017cdca944094281ea
                                                      • Instruction ID: 99c6fdf1066f7f9856f7309be4c6acaf7d1ccf10f85932ea98f9bb53712308d6
                                                      • Opcode Fuzzy Hash: edf885f4b1cf9ed05e89182a08c09732d4236840dfbcec017cdca944094281ea
                                                      • Instruction Fuzzy Hash: 9BA19D717042109FCB249F78C864BAE77E6EFC5720B21456DE02ADB7A1EA74EC81C761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B2411 Relevance: .3, Instructions: 291COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8d20151b66206dd7c3466b9633e818c306124478089fd2d710d0737e66d2eec
                                                      • Instruction ID: 04c51d99ed27898cef10e88fa88c543d414e9b41791e6310f787b5101e6d2684
                                                      • Opcode Fuzzy Hash: d8d20151b66206dd7c3466b9633e818c306124478089fd2d710d0737e66d2eec
                                                      • Instruction Fuzzy Hash: BAD1A334A10205CFDB18CF58C5C8E99BBF2FF48755F6A81A9D8459B265CB30ED86CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B128C Relevance: .3, Instructions: 262COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 510e84832ae396aafa126332a256173c812db5735375dd043a8fdc99a7ab0fc5
                                                      • Instruction ID: 8d65f28977246778c3a0dbff133b9a392c7fcc69dc649593410f7a8cd799b9ad
                                                      • Opcode Fuzzy Hash: 510e84832ae396aafa126332a256173c812db5735375dd043a8fdc99a7ab0fc5
                                                      • Instruction Fuzzy Hash: 10918E307042049FCB15AF78C4A0BAE73A6AFC6200F15896DE52A8F391EF75AC86C755
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B4798 Relevance: .2, Instructions: 247COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3afc5d42467c79d42b248b869bcd6438dcb6d5fdb7d5487347b4a18c9e217f89
                                                      • Instruction ID: dc0b40376b88874f0251e6e156a877c3373a01fcd4a81490a7f00ad426219fcb
                                                      • Opcode Fuzzy Hash: 3afc5d42467c79d42b248b869bcd6438dcb6d5fdb7d5487347b4a18c9e217f89
                                                      • Instruction Fuzzy Hash: 4291A035B006049FCB06ABA0D858AEEBBBBFF89300F148159D5199B391DF75DA06CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BBAD8 Relevance: .2, Instructions: 243COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 54d56ce33b447756069660117315fccee0a6f80eb3b2fdaa14feb93d0625a257
                                                      • Instruction ID: 716989aa71de1612f1976546cc11ced70fe30ee05aff5e7315b2c95866b75a97
                                                      • Opcode Fuzzy Hash: 54d56ce33b447756069660117315fccee0a6f80eb3b2fdaa14feb93d0625a257
                                                      • Instruction Fuzzy Hash: 21919AB4A09289CFCB05CFA9E4849EDBFB0FF4A340B1194D6E445EB362E7349955CB12
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B8D1E Relevance: .2, Instructions: 218COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3d6925273eabe201dc52961ce5f29260174e8b8d234aaa613bfebd201950544e
                                                      • Instruction ID: bf9487fe2c4a24bd092263984ed731f01eef34b3b5adb86c00f38ca158d18f4b
                                                      • Opcode Fuzzy Hash: 3d6925273eabe201dc52961ce5f29260174e8b8d234aaa613bfebd201950544e
                                                      • Instruction Fuzzy Hash: AC815B30B00208DFEB149FA4D859BFD77A6AB84741F548026F506AF395EB718D828B95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B3FAC Relevance: .2, Instructions: 217COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a9d5c6488b248e51d2e2ddee662587764746eb33f3e852cd45606d9008e32a9e
                                                      • Instruction ID: acd0d33bc42004a925667e1d993fd18e9fa543c65c1b41a4e36cee8d4e9bd0f3
                                                      • Opcode Fuzzy Hash: a9d5c6488b248e51d2e2ddee662587764746eb33f3e852cd45606d9008e32a9e
                                                      • Instruction Fuzzy Hash: EEA1C234A10205DFDB15DF68D8C8FA9B7B2FF89355F5581A9E4099B2B2CB30AC85CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B8DCA Relevance: .2, Instructions: 194COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2fd1ed1602e2ae7f0799d5a5cb17ccb9387427aba51b518d8128fc3f5810f194
                                                      • Instruction ID: f3b18b6518e45cbc7743f20b109ed0a648e14a4a752abe7d965f26e3abfc1981
                                                      • Opcode Fuzzy Hash: 2fd1ed1602e2ae7f0799d5a5cb17ccb9387427aba51b518d8128fc3f5810f194
                                                      • Instruction Fuzzy Hash: F0718C30B00208DFEB148FA4D859BBD77A6BBC4741F148069F506AF395EB718D42CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B8DA6 Relevance: .2, Instructions: 188COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c9370717e4acfdf4f6b1f0d7a1cef0181e42e67faae3ffcfbba6ece8906abdb2
                                                      • Instruction ID: 17377d5aca9e6ce3df28be81f82b36cad241bb0ab5bcf66c7807fd8133055079
                                                      • Opcode Fuzzy Hash: c9370717e4acfdf4f6b1f0d7a1cef0181e42e67faae3ffcfbba6ece8906abdb2
                                                      • Instruction Fuzzy Hash: E0615B30B00208DFEB149FA4D859BBE77A6BBC4741F548029F506AF395DF718D828B95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B1CE8 Relevance: .2, Instructions: 172COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5848e7915e94836d7b5cd8390a254528d25acc912e4773f2bd9463f51caf480f
                                                      • Instruction ID: 05dff34612bacc5cc88812a0282b205f57ca01796c0bb23e73137a564a6905a2
                                                      • Opcode Fuzzy Hash: 5848e7915e94836d7b5cd8390a254528d25acc912e4773f2bd9463f51caf480f
                                                      • Instruction Fuzzy Hash: AE518075605601EFC709EF78C4A0969BBB6FF8630476281ADD4059F3A1DB31E882CBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BA388 Relevance: .2, Instructions: 155COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bf25fee86780a8f643f281067a46eb0757dd54677829d8831c1f69ece52f9468
                                                      • Instruction ID: 8ab6133772eb2d0a8a496b3b6bd42a7c3dcdc60550dd318fd0b972a48915e03d
                                                      • Opcode Fuzzy Hash: bf25fee86780a8f643f281067a46eb0757dd54677829d8831c1f69ece52f9468
                                                      • Instruction Fuzzy Hash: B3510330A106058FDB18DB29C898FA9B7B2FF8A750F1581A9E416DB2A1DF70EC45CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B1F50 Relevance: .2, Instructions: 153COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a7fac22b1c793f2677dfdfacf390b6c37b83868d05043be6539af4e9af36326
                                                      • Instruction ID: 6941c0e4ab4498cb4f1e9be38b6d03836eeceea4df7e49e6697dc7fa0352923a
                                                      • Opcode Fuzzy Hash: 9a7fac22b1c793f2677dfdfacf390b6c37b83868d05043be6539af4e9af36326
                                                      • Instruction Fuzzy Hash: F5517F346046049FCB25DF74C4A0BEAB3E6BF85354F11892DE52A8F3A1EB71E885CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B1F31 Relevance: .2, Instructions: 153COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4d99eec551ee083b5a79bb76d11e5fa90ba4f2efed2cfd3c944342ad9e756f0e
                                                      • Instruction ID: 62e60fd68e7fb0401fe6a7b13cbc188219ed2112bbc5d571626537747f2a1518
                                                      • Opcode Fuzzy Hash: 4d99eec551ee083b5a79bb76d11e5fa90ba4f2efed2cfd3c944342ad9e756f0e
                                                      • Instruction Fuzzy Hash: 275181356046049FCB25DF74C4A0BEA73E6BF95314F11892DE52A8F3A1EB71E886CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B1510 Relevance: .1, Instructions: 143COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7b3e647fbcb6f42d615b8bf886b1ea8311f588398f71df921f624bf21a0e55fe
                                                      • Instruction ID: 5a683fbd28ae000bae554193a6a7301aafc3fb8ff13fb3438c5991437c4f3a0b
                                                      • Opcode Fuzzy Hash: 7b3e647fbcb6f42d615b8bf886b1ea8311f588398f71df921f624bf21a0e55fe
                                                      • Instruction Fuzzy Hash: C151E7306003019BDB14EF78C8857D973A2FF85714F14C679D8089F2AAEBB55946C7E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B1501 Relevance: .1, Instructions: 139COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1f72e5045f0b1d49dcc195d276317e7e8ad5190448becd9f2154245fb0aace92
                                                      • Instruction ID: 7be104324af3fbc0051106ea1ae5d2b0629f3b97e8fff8a95ced9cb09e7a75c8
                                                      • Opcode Fuzzy Hash: 1f72e5045f0b1d49dcc195d276317e7e8ad5190448becd9f2154245fb0aace92
                                                      • Instruction Fuzzy Hash: 7351C4706003019BDB14EF68C8857D977A2FFC5714F18C67DD8089F2A6EBB15946CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BA37F Relevance: .1, Instructions: 136COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 11c65301420c972bf29d533dbcccb25b95338c9c7967cbd6120c5d7eea0df567
                                                      • Instruction ID: 7dc44410bb3a1e00d5d35af02a524d8c2dafce59f4df63e8653f219dc34d1b2e
                                                      • Opcode Fuzzy Hash: 11c65301420c972bf29d533dbcccb25b95338c9c7967cbd6120c5d7eea0df567
                                                      • Instruction Fuzzy Hash: 79511431A201068FDB18DF29C988FA9B7B1FF89750F1581A9E416DB2A1DF71E844CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BCE08 Relevance: .1, Instructions: 135COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0a4240ccb6712c190a34172f7c949727f7514f1ee6663a2e13a719936eaf5646
                                                      • Instruction ID: 07f6a3e5579ba82bac520b720b77178c3120dd85d54aa89087c7150b5d0271cb
                                                      • Opcode Fuzzy Hash: 0a4240ccb6712c190a34172f7c949727f7514f1ee6663a2e13a719936eaf5646
                                                      • Instruction Fuzzy Hash: 4B412035720602CFDB24DB29C8C4FA973A6EF85750F0584AAE55ACB2A1DF34DC56CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B0630 Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9823ab781648e76cf8f974f011a06d78952ebec3264ef65ad2c788db39f9d66a
                                                      • Instruction ID: 4f843437c5b96120cc175348fe63930e53b2da6f6efb26853baccae55433bb11
                                                      • Opcode Fuzzy Hash: 9823ab781648e76cf8f974f011a06d78952ebec3264ef65ad2c788db39f9d66a
                                                      • Instruction Fuzzy Hash: B4418F357002149FD7249F798858B6E7AE6BFC8751F244078E806DB394FE71CC828B95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B0278 Relevance: .1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 284d4364ea46b699f00958ffc24506c5101c50f8bcd00155e4b88a51c80d1eee
                                                      • Instruction ID: 54dbf378fbf363cbcbb3ac88e3b23947785cca86e83e6d5ed440bd2d428667a1
                                                      • Opcode Fuzzy Hash: 284d4364ea46b699f00958ffc24506c5101c50f8bcd00155e4b88a51c80d1eee
                                                      • Instruction Fuzzy Hash: DE41BC303007904FDB25AF3A84547AF7FE2AFC5614F04851DD4868B7A6EAA4DC818B96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B1CC0 Relevance: .1, Instructions: 121COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0e87ca62f19834b5aee08b16533cf96e19a36f3c018ba7cb2c16fbed5479fbef
                                                      • Instruction ID: b8f489733ae51144f78a117564760d83e63b99e7bfa7683d4a3d70fb075b8ea0
                                                      • Opcode Fuzzy Hash: 0e87ca62f19834b5aee08b16533cf96e19a36f3c018ba7cb2c16fbed5479fbef
                                                      • Instruction Fuzzy Hash: 47418274A04605EFC704DF68C4909A9B7B2FF86305BA2856DD415DF3A1EB31E892CB64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BE130 Relevance: .1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 352ebc437db020ea8af02feba5d28956e6f29623dede4488831e3586fc98764d
                                                      • Instruction ID: 896f15fc3b94882bdf2b2748879bfcbb64edaa41cdfc3d5b4d57ee8fa7dd320b
                                                      • Opcode Fuzzy Hash: 352ebc437db020ea8af02feba5d28956e6f29623dede4488831e3586fc98764d
                                                      • Instruction Fuzzy Hash: 6941A475E002198FDB05CFA9C8846EEBBF1FB49314F14846AE419FB305E73599859FA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B0288 Relevance: .1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c182b8d3e163bc40823d40fc5f99343d927fdaafb080ab54ec28ec16d3475737
                                                      • Instruction ID: 8bba5e415b5cbad57ee6cb38f0971baf5ecff17307d22791800f2022710d3ded
                                                      • Opcode Fuzzy Hash: c182b8d3e163bc40823d40fc5f99343d927fdaafb080ab54ec28ec16d3475737
                                                      • Instruction Fuzzy Hash: BF41CF203007904BDB25AF3A80547AFBFE26FC4614F04841DE4828B7A5EFB4EC81CB96
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BBC30 Relevance: .1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 52c9e463e149166cc965af26186f017acc860811e92e8a98ba54f579b8b3c678
                                                      • Instruction ID: b1cd8765d058232e2a287bb464a0e458b60babe3075e4367185ccef4030f84bd
                                                      • Opcode Fuzzy Hash: 52c9e463e149166cc965af26186f017acc860811e92e8a98ba54f579b8b3c678
                                                      • Instruction Fuzzy Hash: E04129B4E05219DFDB00CFA8E4849FEBBB4FB4E390B415865E456AB311E7349892CF64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B77C8 Relevance: .1, Instructions: 118COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7fb67dd0732ef94498c634639546dbeb4cc2098714ea465505f9a47068860f65
                                                      • Instruction ID: cedc9e88716848d9cc05d796920c6a364dbd82bae0e32f9015e2c714fccba287
                                                      • Opcode Fuzzy Hash: 7fb67dd0732ef94498c634639546dbeb4cc2098714ea465505f9a47068860f65
                                                      • Instruction Fuzzy Hash: F14181307106119FDB29AB24C8C5FAEB3A2BFC4750F148A69D1568B3E1CF71AC46DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B77D8 Relevance: .1, Instructions: 117COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 38de0bd7447e9bbc91d0c950dd69687fc4e58cc78fd814a6a972b51996c2965b
                                                      • Instruction ID: 1755019aeb5292246af48a507006e66273009aa1525d1155c80c0915f630c48a
                                                      • Opcode Fuzzy Hash: 38de0bd7447e9bbc91d0c950dd69687fc4e58cc78fd814a6a972b51996c2965b
                                                      • Instruction Fuzzy Hash: 904181307206019FDB29AB24C8C4FAAB3A2BFC4750F108969D1568B3E1CF71AC46DB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BCDF7 Relevance: .1, Instructions: 114COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a35ff1619756a1b206345907137db730a6f5b2191b7a4c93b04432e272ced6e7
                                                      • Instruction ID: 9d812ffef947eed732a984630f46b4c936e1c5613e9c6eb3f893e04a33ec86af
                                                      • Opcode Fuzzy Hash: a35ff1619756a1b206345907137db730a6f5b2191b7a4c93b04432e272ced6e7
                                                      • Instruction Fuzzy Hash: 42415E35720602CFDB25DB28C8D4FE973A6EF89790F0540AAE55ACB2A1DF30D852CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BBC40 Relevance: .1, Instructions: 113COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f8d4edb86aaca6bd5f17f311af41d6bc37541ca0d3b659b4db6a31974406e2f5
                                                      • Instruction ID: 294b36b7818ec1bfa7d5c62bcbb0d1dad23e72732c862661ab06412af582b311
                                                      • Opcode Fuzzy Hash: f8d4edb86aaca6bd5f17f311af41d6bc37541ca0d3b659b4db6a31974406e2f5
                                                      • Instruction Fuzzy Hash: 924103B4E05219DFDB00CFA9E4849FEBBB4FB4E390B406855E456AB311E7309892CF64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B53D0 Relevance: .1, Instructions: 112COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4daf942eb1ba6198d90da9b850b809be03d3bec0380c8c264de6dc0364c83bc2
                                                      • Instruction ID: bc691779bf2bc989c8247ea39c97bde81952b6f4ee01563d05cdbd9978e4a318
                                                      • Opcode Fuzzy Hash: 4daf942eb1ba6198d90da9b850b809be03d3bec0380c8c264de6dc0364c83bc2
                                                      • Instruction Fuzzy Hash: 1E31BD35B103415FCB19EF7898549BEBBF6AFC5220718856EE415DB391DE709C018B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BC9BA Relevance: .1, Instructions: 110COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 54c376f2ec88ccfebd476c0471128a92e5088a23828521464b878d9aed1d9648
                                                      • Instruction ID: bdb33a2693782fd65ec4779e12ccc985e21725017460d3805b0c47d0dbafd886
                                                      • Opcode Fuzzy Hash: 54c376f2ec88ccfebd476c0471128a92e5088a23828521464b878d9aed1d9648
                                                      • Instruction Fuzzy Hash: 7D418D74E002189FDB14DFA8C884AEDBBB2FB49304F109456E846F7355EB34AA82CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B40F0 Relevance: .1, Instructions: 108COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1230346cdc9b047bf669723ff1a5d0d9717c396677d3296acffeda8e053d521d
                                                      • Instruction ID: 1bf5999b02617212439a2a6cc92ce6b6ca89db275ea745467404f0bca242b49f
                                                      • Opcode Fuzzy Hash: 1230346cdc9b047bf669723ff1a5d0d9717c396677d3296acffeda8e053d521d
                                                      • Instruction Fuzzy Hash: B831AD307206149FCB15AF78D499A6E7BF6BF89320B044269E41AC7391DF34DC46CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B4100 Relevance: .1, Instructions: 102COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ce6f270512353a90d2a75ef96ef87ea5f97283599bdf19c36ca7b76de3441592
                                                      • Instruction ID: b023c17cd94786630291e691ece4f2d7553a8eed28de63a8bfddbc52dbd0742f
                                                      • Opcode Fuzzy Hash: ce6f270512353a90d2a75ef96ef87ea5f97283599bdf19c36ca7b76de3441592
                                                      • Instruction Fuzzy Hash: 703188307206149FCB15AF78D499A6E7BE6BF89320B144269E41AC73A1DF34E846CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B8360 Relevance: .1, Instructions: 101COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8911156d19cd920152d5a13308725bdc7deddaedd349f98d59042fc183214bf2
                                                      • Instruction ID: c7cfa0a02e6f368aad372284251e4b8aca73e09723f455095ff05e526c3bbcd2
                                                      • Opcode Fuzzy Hash: 8911156d19cd920152d5a13308725bdc7deddaedd349f98d59042fc183214bf2
                                                      • Instruction Fuzzy Hash: 9F3128343206018FDB54DB29C884FEA73EAAF89B54F0585A9E50ADF3A1DF30E841CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BB4D2 Relevance: .1, Instructions: 100COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8a81ace701ffaf992015669e9f7e506f775f9bead118e0ce96c1e5e4c5145039
                                                      • Instruction ID: a744a67aef675b5021ec3b3a96b6dfa4e83ffa5881f425a594d68fae39ce6e7e
                                                      • Opcode Fuzzy Hash: 8a81ace701ffaf992015669e9f7e506f775f9bead118e0ce96c1e5e4c5145039
                                                      • Instruction Fuzzy Hash: D941AC729042598FCB10CFB9C9405EEFBF5AF86304F58496BE056EB211E374E9818B62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BB4E8 Relevance: .1, Instructions: 99COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b485b19e6d87ff0f8fcd03abed016adf91502e4f3ebb920a6143418445ae1298
                                                      • Instruction ID: 80bfea28e246e10635a7a384c75af4a22e0b99a2d8583c2ab230f47eaec21941
                                                      • Opcode Fuzzy Hash: b485b19e6d87ff0f8fcd03abed016adf91502e4f3ebb920a6143418445ae1298
                                                      • Instruction Fuzzy Hash: C13178307102159FCB149F68C888EAE7BB2FF49720F1582A5E6258B3B1CB71DC01CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BB4F8 Relevance: .1, Instructions: 95COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fbb7ba1c8814e5bf6e38a178d25353a31ad4121f354e275a8501d1447736d14f
                                                      • Instruction ID: ec2ebff5dc43ab620840bd1edc875a358d50f7c91e71813ab6898a1f2d3c8cbd
                                                      • Opcode Fuzzy Hash: fbb7ba1c8814e5bf6e38a178d25353a31ad4121f354e275a8501d1447736d14f
                                                      • Instruction Fuzzy Hash: 283116717102159FCB149F68D888EAD7BB6FF88720F108269E6268B3B1CB71DD01CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B31F1 Relevance: .1, Instructions: 94COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 101d31d9f60125df75dd8e1a7ef41fb273ec2b2a0867511089780ff1af0a3ac0
                                                      • Instruction ID: c85b4a5ec64c697f21874b2b06ee110cf2be0834222c53fd61efb804f3d489db
                                                      • Opcode Fuzzy Hash: 101d31d9f60125df75dd8e1a7ef41fb273ec2b2a0867511089780ff1af0a3ac0
                                                      • Instruction Fuzzy Hash: B531AE317206018FCB159B29D899A7E7FE2AF8975070941AAE806CB3A1DF34DC06CB46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B8943 Relevance: .1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ae17df20b8f4c2ebc1f9758fc4becb75b335d1345383c4245a9e8fd95521cabc
                                                      • Instruction ID: 110fe8f3495249ac88356f6ed777fe6b6f1c8e75f15efbe50587a3ecaef9c6b2
                                                      • Opcode Fuzzy Hash: ae17df20b8f4c2ebc1f9758fc4becb75b335d1345383c4245a9e8fd95521cabc
                                                      • Instruction Fuzzy Hash: D7311A353206018FDB54DB29C884FEA73E9AF89B54F1581A9E54ACB3A1DF30E842CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B3220 Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a13c214da3b0d1fe3efb2b63919fc6bd07a63b8581b137b29d301f3df682b7be
                                                      • Instruction ID: 724113f171bee360c2b57f4dc3ef551dd4772068d6a876c3fa7adc60459ab8a4
                                                      • Opcode Fuzzy Hash: a13c214da3b0d1fe3efb2b63919fc6bd07a63b8581b137b29d301f3df682b7be
                                                      • Instruction Fuzzy Hash: 413181307206058FCB55DB6AD49997E7BE3AFC8B51304816AE406C73A4DF34DC42CB46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B1D09 Relevance: .1, Instructions: 90COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1ce6c8014f364513e0ce39d4a105e5de1180cfd255929d9be1c7316a5d45e84b
                                                      • Instruction ID: 39bfe3b144a2e16d3f6a42764d4bcbf7163e2daa66588292b8041af325f73faa
                                                      • Opcode Fuzzy Hash: 1ce6c8014f364513e0ce39d4a105e5de1180cfd255929d9be1c7316a5d45e84b
                                                      • Instruction Fuzzy Hash: 47311635A206008FC718DF69D494DD9BBF2FF88761B1984A9E415AB362DB30EC42CF60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BF920 Relevance: .1, Instructions: 87COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 78e92c444c58208938ce44126b9152f75273e90b282ae7db3f9b2b82e04b45a7
                                                      • Instruction ID: 0fb04abd4f44965abf7a8ae05706b9fdee321a2d081cb5c5004555d372344977
                                                      • Opcode Fuzzy Hash: 78e92c444c58208938ce44126b9152f75273e90b282ae7db3f9b2b82e04b45a7
                                                      • Instruction Fuzzy Hash: 2E214631B102059FC714ABBD9CA49EEB7DADFCA76071541BBD509CB3A2DE718C0083A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BC277 Relevance: .1, Instructions: 84COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a53ff85e13544ba1378a470698ed2704ee7b1ed67b427a00c4f76f37bd185cc0
                                                      • Instruction ID: afcf758889d4fe60d01776362c8b7608862b01f5ad34d31f94408065049d04e4
                                                      • Opcode Fuzzy Hash: a53ff85e13544ba1378a470698ed2704ee7b1ed67b427a00c4f76f37bd185cc0
                                                      • Instruction Fuzzy Hash: B231F231224345CFC721DF35C490CEB7BB5EF82381744866EE4A24A291EF35D986CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B54C8 Relevance: .1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 96ee458a6c224c35c6103f8801c015122c88d3da3c2c24747bd6203dfdb2bf3a
                                                      • Instruction ID: c56fd8b63875418a8d39f2d6315c47367ef8ccc6beecc716b513b9732401e8ba
                                                      • Opcode Fuzzy Hash: 96ee458a6c224c35c6103f8801c015122c88d3da3c2c24747bd6203dfdb2bf3a
                                                      • Instruction Fuzzy Hash: E92160347302118FDB199B79D8A4EAD37E7AF94BA231580A9E516CF2A4DF24DC018761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B8EF5 Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f9d7252c008753709333838b834c04bc66110c1fdd684191737bd9cbb3377b8d
                                                      • Instruction ID: 5866d288875e0a4cc32ae5cff48d63e087cf20d647412deb475219132891091f
                                                      • Opcode Fuzzy Hash: f9d7252c008753709333838b834c04bc66110c1fdd684191737bd9cbb3377b8d
                                                      • Instruction Fuzzy Hash: 65311830A102098FCB15DF64D598EEDB7F6EF88751F5440A8E809AB2A4DF31DD41CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BA595 Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0daeb3479ee2294ab93a8970f31aef7c41d1bdea5c7fa39113dbb7e1b455a840
                                                      • Instruction ID: fb2db6ea997b6a43bae291e8cd35990b16afbdd09fb5a01a774072c931366da5
                                                      • Opcode Fuzzy Hash: 0daeb3479ee2294ab93a8970f31aef7c41d1bdea5c7fa39113dbb7e1b455a840
                                                      • Instruction Fuzzy Hash: B8315E70610601CFCB64DB28C488F9573E5BF85724F15D56DE56A8B2E1DF70E88ACB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BBE9C Relevance: .1, Instructions: 78COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7424bbb27d509ddabb15a23acf1d8cb4f94da3b867b5065fb9b14e4802cb6604
                                                      • Instruction ID: 02927999e8e6d8859a519b0370ea28b354fadb9e1b6ac9529cf97da33ea1b4de
                                                      • Opcode Fuzzy Hash: 7424bbb27d509ddabb15a23acf1d8cb4f94da3b867b5065fb9b14e4802cb6604
                                                      • Instruction Fuzzy Hash: 0A21B7B4D14219DFCB40CFB5D4848EDBBB4EB49390F909416E916EB320E330A982CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BCA05 Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a3cbb9daf4b4ff1a6fe849c19b1530c69884efb1a60d961b762c505bd720301
                                                      • Instruction ID: 1148d60172feee5f40c232e7ced09b76aac55b1863e128856e48f6aa0af222e4
                                                      • Opcode Fuzzy Hash: 9a3cbb9daf4b4ff1a6fe849c19b1530c69884efb1a60d961b762c505bd720301
                                                      • Instruction Fuzzy Hash: B331F774A04118CFDB50DFA8C985AEDFBB1FB49304F2055AAE805B7345D735AA82CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00D7D3D8 Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1453619668.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_d7d000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 25f0e5401ace2fe4db756a9ebf6f7d2cdd06c56c7c0f4bde633de90c3c182841
                                                      • Instruction ID: e4dc3c958e76093903972b707e25cac106f5488e26cd77da01ed6d5d6a8a1923
                                                      • Opcode Fuzzy Hash: 25f0e5401ace2fe4db756a9ebf6f7d2cdd06c56c7c0f4bde633de90c3c182841
                                                      • Instruction Fuzzy Hash: 45210672504204EFDB04DF10D9C0B16BBB6FF94328F24C169E84D0B256D336E856CAB2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2E0F9A Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465953316.000000000B2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ec27959ce2b4106d881ea9c8504464c5856980442d979f6c7855f69ee8e97dfd
                                                      • Instruction ID: baf8fb467eae0cf25b45238994d210ea46486c111011ecbfc32695f2d3986a7a
                                                      • Opcode Fuzzy Hash: ec27959ce2b4106d881ea9c8504464c5856980442d979f6c7855f69ee8e97dfd
                                                      • Instruction Fuzzy Hash: 44214C31A143468FCB009B75D8957FE7BB2DF89700F44806AE514AB281DF748403CB71
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B83C5 Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7ecbf63c618fd7aecf20f45b2bfe33b46dedf48a7a14c96d05828e2e85b3eb7b
                                                      • Instruction ID: afc13108acda81b9d336a8144e87a7c8e37cc02c5b119092e8ed6345c422178c
                                                      • Opcode Fuzzy Hash: 7ecbf63c618fd7aecf20f45b2bfe33b46dedf48a7a14c96d05828e2e85b3eb7b
                                                      • Instruction Fuzzy Hash: AF312731620601CFC764DB28D888FE673E6FF88B15F158469E05ECB2A5DF70A886CB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B54B8 Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 55876c922b5a11d8a5d77c83286d8ec1eccc82fef1383b662165d81bd3286365
                                                      • Instruction ID: cd51a676f433f914656c554a9a48644390714c0479efb9245736ee7aa77d3003
                                                      • Opcode Fuzzy Hash: 55876c922b5a11d8a5d77c83286d8ec1eccc82fef1383b662165d81bd3286365
                                                      • Instruction Fuzzy Hash: DB2160307302018FDB159B35D8A4EBD77FAAF957A271540AAE416CF2E1DF24D801C711
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B8AE0 Relevance: .1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a97061f09ad984bc4ee91eec93694742acc3ec4d66a4609bab11bf1dd2ceb4b0
                                                      • Instruction ID: d8b92712e928a30e95dd9780053fd677be1430c65387b495a001a483fe100d3f
                                                      • Opcode Fuzzy Hash: a97061f09ad984bc4ee91eec93694742acc3ec4d66a4609bab11bf1dd2ceb4b0
                                                      • Instruction Fuzzy Hash: FD31F9352106018FC764DB38D898BE677E6FF89711F5584A9E05ECB3A5DF70A88ACB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B83A4 Relevance: .1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9e7d686bf30d72cc4357e49e19b011c0d705ee9c316c49d1a153a9672d7d5639
                                                      • Instruction ID: 04de6328999e3466a44543cce1cb8f784a1211be5372356a71cf64890c860714
                                                      • Opcode Fuzzy Hash: 9e7d686bf30d72cc4357e49e19b011c0d705ee9c316c49d1a153a9672d7d5639
                                                      • Instruction Fuzzy Hash: A431F8312106018FC754DF28D898BE677E6FF89B21F558569E05ECB2A5DF70A88ACB40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00F8D01C Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1453996730.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_f8d000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f753ef85c5b807350001be5e84a4696e44b5b301b18f9017956462ff8a62538c
                                                      • Instruction ID: 525689d0125e23b8dfafcba29fb0f260d994f865ef8366c20e29e0bad5b06d68
                                                      • Opcode Fuzzy Hash: f753ef85c5b807350001be5e84a4696e44b5b301b18f9017956462ff8a62538c
                                                      • Instruction Fuzzy Hash: BE21F571904344EFDB14EF10D9C4B56BBA5FF84324F20C569E84A4B28AC336D847DB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00F8D1D4 Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1453996730.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_f8d000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9e433e76389f1c133d3f17a3444c07da2e17a65ea5e305583e8057c4eaeee54c
                                                      • Instruction ID: 3e12faf0e5b26623cb0a251ef272178fb05dbeb7701116f4aefa7ab6f09f1ac8
                                                      • Opcode Fuzzy Hash: 9e433e76389f1c133d3f17a3444c07da2e17a65ea5e305583e8057c4eaeee54c
                                                      • Instruction Fuzzy Hash: A621F271A04204EFDB05EF50D9C0B66BBA5FF84324F20C66DE8494B292C336D846DB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BB1C0 Relevance: .1, Instructions: 71COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 915ae8c335ce1f748215e13db39164267b8d1ce609d11ec4b23323b75e685320
                                                      • Instruction ID: 84b20d493791ddf4df6d166bfb8f2196a08efb64a32ac8e1590a79f895d9cbe2
                                                      • Opcode Fuzzy Hash: 915ae8c335ce1f748215e13db39164267b8d1ce609d11ec4b23323b75e685320
                                                      • Instruction Fuzzy Hash: 04219071A14229CFDB248FB8E8415FFBBF5EB85350F114226E816DB651F2708A92CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B0040 Relevance: .1, Instructions: 67COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0067634fa3ae42d02fc41760ef5dfee47cc9d194bf31da433a7593716bbdbfd7
                                                      • Instruction ID: 26825ad290c37a584e6253220f9e11e9368a19df9501eb3959adaa2eef288be5
                                                      • Opcode Fuzzy Hash: 0067634fa3ae42d02fc41760ef5dfee47cc9d194bf31da433a7593716bbdbfd7
                                                      • Instruction Fuzzy Hash: B821A235B00516CFCB14CF69D4449AABBF5FF88750B1141A6E905DB361EB31EC41CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BD211 Relevance: .1, Instructions: 66COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f97e9dccf8470d5ce2c2cedc2a2e8808b7cd54431ce4eb9169103a567fe09210
                                                      • Instruction ID: e9b0d063d6bad64cf1d3d7451ddd09a8dedc2ac6442b0a006a2b0444ce42f9b0
                                                      • Opcode Fuzzy Hash: f97e9dccf8470d5ce2c2cedc2a2e8808b7cd54431ce4eb9169103a567fe09210
                                                      • Instruction Fuzzy Hash: 5011A73431C3804FC706977898648A97FB69FC769431E00E7D585CB2B3DE248C05C3A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BB1D0 Relevance: .1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 52ae41716ca91d0c322f5d01fba5d26431e0c336a8c5aaaebf6595fa6e408c9e
                                                      • Instruction ID: e88597d19ace0bb32ee3166b22c5fb2d0be62f58a185226c0412039af9d990fa
                                                      • Opcode Fuzzy Hash: 52ae41716ca91d0c322f5d01fba5d26431e0c336a8c5aaaebf6595fa6e408c9e
                                                      • Instruction Fuzzy Hash: E4119D72A18129CFDB248FB9E8405FFB7B5EB84350F004626E816DB641F230DA9187D1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09B03930 Relevance: .1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463966686.0000000009AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_9af0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9ce76742930646e8954d11a0bd1e91dc838c48ef45be3ac0ceeba9e913aea039
                                                      • Instruction ID: 467a7f23648d5159a37f5365d2df980da63f926e87f6b897778e5a6995620a2c
                                                      • Opcode Fuzzy Hash: 9ce76742930646e8954d11a0bd1e91dc838c48ef45be3ac0ceeba9e913aea039
                                                      • Instruction Fuzzy Hash: 25114F717017408FC739AB39942861A7BE6EFC63753204BBED0AA4A6E0CF32D442CB00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00F8D005 Relevance: .1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1453996730.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_f8d000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 38f4f049346933511baceb2dc2f1784429fe30d7869651ab3ad046c68c2d13d7
                                                      • Instruction ID: b10aff12c05d9a491ea85a31d3d07493b801c238b22f9ca6a90c53c9fcc3136f
                                                      • Opcode Fuzzy Hash: 38f4f049346933511baceb2dc2f1784429fe30d7869651ab3ad046c68c2d13d7
                                                      • Instruction Fuzzy Hash: AE2180755093808FCB02DF20D994715BF71EF46324F28C5EAD8498B6A7C33A980ACB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B53C0 Relevance: .1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dabae62fc29950361f365f17d464733ef1e6d4bc8a490172bc23d8fe9d60d5ce
                                                      • Instruction ID: 24569168b4fca9f282a14d57551dc618deea4c2949072f5a09eade76a74afb84
                                                      • Opcode Fuzzy Hash: dabae62fc29950361f365f17d464733ef1e6d4bc8a490172bc23d8fe9d60d5ce
                                                      • Instruction Fuzzy Hash: 2D11C275A007054B8B15DEB998406FFBBFBEFC4260715852DE429EB380EF708D0587A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B8898 Relevance: .1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8662afab6fd4d8b1339d0d1d6332625c0c481f2392b703cea3e81260de8b0aee
                                                      • Instruction ID: 90948fab90ccd9556af003ff241092105b2c02affb7dbc4b0e50f0617e95074f
                                                      • Opcode Fuzzy Hash: 8662afab6fd4d8b1339d0d1d6332625c0c481f2392b703cea3e81260de8b0aee
                                                      • Instruction Fuzzy Hash: 67119D317206058FCB24AF38D490CA9B7BAAF8675171409AEE14ADF3B0DE31D885CB12
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B30CC Relevance: .1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c902fd92e5da6b1afa5530d2ac73efdbe5de82db0d50a7da53959bab0e4bf641
                                                      • Instruction ID: 7a746c4f90a2dae0f98de5936c46402bdcef098700c166b9b9510d9d7a6b0937
                                                      • Opcode Fuzzy Hash: c902fd92e5da6b1afa5530d2ac73efdbe5de82db0d50a7da53959bab0e4bf641
                                                      • Instruction Fuzzy Hash: 31114631721200CFCB18DF68C8959A87BF6EF89755B5640AAE506DB371DB31EC41CB45
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BBB70 Relevance: .1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b5bb07b24736b693696f4bf87b96b3f566b02f58d6d3a8d9e9f48069c1e03ac3
                                                      • Instruction ID: d062e88c0d5650c561ebd731126daf01bbc99a4a43e0aa2efb758e35155c12fc
                                                      • Opcode Fuzzy Hash: b5bb07b24736b693696f4bf87b96b3f566b02f58d6d3a8d9e9f48069c1e03ac3
                                                      • Instruction Fuzzy Hash: 09217FB4A00908DFDB04CF5AE284999BBF1FF8C310B6290D4E4489B365DB31EE64EB05
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B1200 Relevance: .1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f6246f6e26dc29af9044e27a444f9049a32e6da84815f4ea004ce37550f29360
                                                      • Instruction ID: 1bf0f8a9aa7c39eacb22ba64d616166f361273823f388009509d89caf8278c49
                                                      • Opcode Fuzzy Hash: f6246f6e26dc29af9044e27a444f9049a32e6da84815f4ea004ce37550f29360
                                                      • Instruction Fuzzy Hash: 9711BB30A207119FDB25CB68C8A4FE6B3E5AF86356F04852ED859D7680CFB4E855CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B52F0 Relevance: .1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 162aa7aa65dc2dee55d74bac92ba112345c3cbc8b306e8144877a861d49e7039
                                                      • Instruction ID: 88bd25e277430f1a06f2b1d0bb83363054404f1482fe075993b08ce3fb26ebe0
                                                      • Opcode Fuzzy Hash: 162aa7aa65dc2dee55d74bac92ba112345c3cbc8b306e8144877a861d49e7039
                                                      • Instruction Fuzzy Hash: F1114C31B002098BCF54EFA898106EEBAB6BFC8710B50406AD505EB340FB318D41DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BF370 Relevance: .1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 921adaa81a849b49f62949e13804de59a04d4eb77d70dce7cfcedf69234a3efb
                                                      • Instruction ID: ceca77428c1cc03c60fd2cc16027cd10fd40a1ac29b67faa0e73b0bc53fef631
                                                      • Opcode Fuzzy Hash: 921adaa81a849b49f62949e13804de59a04d4eb77d70dce7cfcedf69234a3efb
                                                      • Instruction Fuzzy Hash: B811E53220D3C19FCB168B69CAA4AD57FF0AF06754F1944EBD444CB2A2DB34D885C722
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BCC0D Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7098466275467864b18a68d8bc9f7ca0347866eb923d4cd265b42547aed9b496
                                                      • Instruction ID: 08ea4b06f70beb78e51266632f5d4dfdc45e1859880f38092994cbe9928e5919
                                                      • Opcode Fuzzy Hash: 7098466275467864b18a68d8bc9f7ca0347866eb923d4cd265b42547aed9b496
                                                      • Instruction Fuzzy Hash: FFF0B43054D784CFDB058F64D45A5B83BB4FB43310F1442F6D85A4B1A2D7760A52EF52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B11F9 Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ddb8e9ae732194b13d843290b06d765910e9091c8798e4c5df2f1ffbcca085f8
                                                      • Instruction ID: 52aa3449d5f908d4df7d0a34502b320091576bddaf68cd60337b29191b43798f
                                                      • Opcode Fuzzy Hash: ddb8e9ae732194b13d843290b06d765910e9091c8798e4c5df2f1ffbcca085f8
                                                      • Instruction Fuzzy Hash: 1511C130A207119FDB24CB68D8A1FE673E5AF86366F04C52ED859D7680CFB0E855C740
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00D7D3D3 Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1453619668.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_d7d000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 01a772179decf110bb882872cb952e1b13b119dd61991aef1ad72797cf3e64a4
                                                      • Instruction ID: f3d53886784dc12d3282ebe1ac2f88254524015ae94394c33f6965c59c6048f6
                                                      • Opcode Fuzzy Hash: 01a772179decf110bb882872cb952e1b13b119dd61991aef1ad72797cf3e64a4
                                                      • Instruction Fuzzy Hash: 0211E676504240DFCB15CF10D5C4B16BF72FF94328F28C6A9D8090B656C33AE85ACBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2E1D0A Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465953316.000000000B2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d1bae14e950affe8e3ae96e26b8d7c7651082b8a899fa7c16b0d0f30bb324f21
                                                      • Instruction ID: c7349fc0b33218b0181464408c112d12d28281204fcd341dbfbebe24526b6457
                                                      • Opcode Fuzzy Hash: d1bae14e950affe8e3ae96e26b8d7c7651082b8a899fa7c16b0d0f30bb324f21
                                                      • Instruction Fuzzy Hash: 15112B70E01206CFDB18DF6AC488AAEF7F2AF48311F15C46DD428AB361E7749942CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2E1D18 Relevance: .1, Instructions: 54COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465953316.000000000B2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3f6d3ae52d4ed2634b90da1f0a98ee29a156efc094ed41bde963d409b3c05cc1
                                                      • Instruction ID: 76fb50cb31733a2920b159a3fa0dc4b404232b940fe9c445b7dd1087f13abdbe
                                                      • Opcode Fuzzy Hash: 3f6d3ae52d4ed2634b90da1f0a98ee29a156efc094ed41bde963d409b3c05cc1
                                                      • Instruction Fuzzy Hash: DB112B70E0120ACFDB18DF6AC044AAEF7F2AF48711F55C4BAC428AB361D7349941CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00F8D1CF Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1453996730.0000000000F8D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00F8D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_f8d000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fb11cfc8073ccb158cd0f42583cdb3ded50e3effa001a3c93aefd0de24dc37f6
                                                      • Instruction ID: 286414994e0cc834be2cf1815a180fe59349893a56081ec2a20d4c02492c75c3
                                                      • Opcode Fuzzy Hash: fb11cfc8073ccb158cd0f42583cdb3ded50e3effa001a3c93aefd0de24dc37f6
                                                      • Instruction Fuzzy Hash: 9211BB75904280DFCB05DF10C9C4B15BBA1FF84328F24C6A9D8494B696C33AD84ACB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B0590 Relevance: .1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c9aff55007f8716200cb06f120235f6d590e0c5940d88a46e337f16467a79a01
                                                      • Instruction ID: 959624ebc7c601406ab0095c34c4fbc38039f10142f2c860dcddb8838ca89b24
                                                      • Opcode Fuzzy Hash: c9aff55007f8716200cb06f120235f6d590e0c5940d88a46e337f16467a79a01
                                                      • Instruction Fuzzy Hash: BE01D63170023857D7286E765A147FF298B6BC0BA0F145019E906DB388FEA0CC4257DA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BBDF9 Relevance: .1, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 21e8cf2d03d78b936050030cb07ded6729e15b7d469e653d478269f0ef735ba3
                                                      • Instruction ID: d6f8b95001c5a73a5f2c28b6e6879d10e8998d60ca5ace632f586e5ef7ddad2e
                                                      • Opcode Fuzzy Hash: 21e8cf2d03d78b936050030cb07ded6729e15b7d469e653d478269f0ef735ba3
                                                      • Instruction Fuzzy Hash: 57115DB4D0825ADFDB40CFB8C4859FDBBB4AB09390F50541AE91AAB251E3349982CF65
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B8888 Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 788cb3f485f38dd463791006398dccc279b6a8ad00c0bdd6ebb40f53ae371db9
                                                      • Instruction ID: 550342ee3ba1a5691ed7c5865300f36a463dc055379e8231a8b5481009ff7792
                                                      • Opcode Fuzzy Hash: 788cb3f485f38dd463791006398dccc279b6a8ad00c0bdd6ebb40f53ae371db9
                                                      • Instruction Fuzzy Hash: D001F1363206048FC7249F39C880D99BBB9EF86351B08086AE009DF3A0DA31EC45CB21
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BC24F Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c72fc26300e8789a539fac9b1588a0ab0c68644bc8354fd638f14800547d3f18
                                                      • Instruction ID: 9d0b1c9ab5381ef58622370459e6bd02ba9cc77948c1406a3aa3109720e7b72c
                                                      • Opcode Fuzzy Hash: c72fc26300e8789a539fac9b1588a0ab0c68644bc8354fd638f14800547d3f18
                                                      • Instruction Fuzzy Hash: 020168322193918FC7128F64D8D0DE6BB74EF873A0B1482AFE4568B1D2CB368997C750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BD240 Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 53befff8e72f56561971434b54e275cd1d6cf78572637ad9a78d0427921894d5
                                                      • Instruction ID: a50cfea3751c508412adcfc06eb2026752397c7a636d2eaf2d031f03ef290b3b
                                                      • Opcode Fuzzy Hash: 53befff8e72f56561971434b54e275cd1d6cf78572637ad9a78d0427921894d5
                                                      • Instruction Fuzzy Hash: 880184313202004FDA09A7698498ABE73D7EFCABD13590079D506CB3A5EF74DC024391
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BF8C0 Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e63721cd89ed98422d734b64a6e5cca4c969c60464e14cbdcae53b0f6a08d784
                                                      • Instruction ID: 77590e92a482683fc454aadf928c944f8f73a987422573212df4ece528db3184
                                                      • Opcode Fuzzy Hash: e63721cd89ed98422d734b64a6e5cca4c969c60464e14cbdcae53b0f6a08d784
                                                      • Instruction Fuzzy Hash: 60011261A0E7C25FD7030B745DA55957F30AE13119B5E02EBC880DF5B3E618482AC3A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B9231 Relevance: .0, Instructions: 48COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6ce28145a9dde8e7b6958f482adb8dfd4a840434ab055b0062ddeb02e244eb2b
                                                      • Instruction ID: 5a3edf2ea85f4fd4f89fff8b00d79f5e815238b55c2e9e44ec99dd19ce26b5cc
                                                      • Opcode Fuzzy Hash: 6ce28145a9dde8e7b6958f482adb8dfd4a840434ab055b0062ddeb02e244eb2b
                                                      • Instruction Fuzzy Hash: EC01D634E04284DFD7089FA494153FC3BF5EB85300F1085A6E60AE7355EA3489418BD2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B7CE0 Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 76d684062129901358e2812f77edee1fd83d0753963ec98f14c7162a7a4f3c6f
                                                      • Instruction ID: 9692052b3afb4c96505632599f1f726de514e0b8c9386bfffe20e63790ae3a76
                                                      • Opcode Fuzzy Hash: 76d684062129901358e2812f77edee1fd83d0753963ec98f14c7162a7a4f3c6f
                                                      • Instruction Fuzzy Hash: 15015AB614A3D4AFE7434E609C26BA43F70DF67600F1940D7F540CF1A3E29A8806A762
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B26D0 Relevance: .0, Instructions: 47COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5676d75fe497ccfef6f42fd50d06e29c0066bca727cc4245a0e932b9837c421f
                                                      • Instruction ID: 45d6d9fdf60f91f3ed9b82eab53ada76fdc54c30a0c4c4c05980234b64c0f77e
                                                      • Opcode Fuzzy Hash: 5676d75fe497ccfef6f42fd50d06e29c0066bca727cc4245a0e932b9837c421f
                                                      • Instruction Fuzzy Hash: BC01C5756406109FC728DF39D858D5977B1AF9A7253110AACE416CB3B2DB71EC81CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B0918 Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 09088ec50df3ac8cc17d1cacc3d75a55edee7ad871b4e97c3b40a30bcf8b46c3
                                                      • Instruction ID: 9541cbf9eb02e1c18f4b95662efd3ecf5d4437b44e8ef73b31c9eeff8cbc0897
                                                      • Opcode Fuzzy Hash: 09088ec50df3ac8cc17d1cacc3d75a55edee7ad871b4e97c3b40a30bcf8b46c3
                                                      • Instruction Fuzzy Hash: 1A01F2303003049FEB25AE6AD410BE7BBD5ABC1724F94842EE40D8B768EB70D886C790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B3A70 Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f8cfb9c1aa79e1b7c5a5ec6a191c622d50b509a2542d5328d92408664de8a436
                                                      • Instruction ID: 15ca543c3e1d7707559796822be54417bf31e0c4420ad4e5180c755033bef7fd
                                                      • Opcode Fuzzy Hash: f8cfb9c1aa79e1b7c5a5ec6a191c622d50b509a2542d5328d92408664de8a436
                                                      • Instruction Fuzzy Hash: A001D6213057845BD7219F7D9854B9FBBC6BFC0268F14452EE14A8B740EFA6D8488395
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B12EC Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1c6103a4ef37fa819d1438516eaf1fb646ce7b3e8a35b619b1ad57314c3da8bb
                                                      • Instruction ID: 1b695c3204b8f38bd0086defc9a1aaa3dc2b0c652e76bebbbcdc2eafcbb1e3c9
                                                      • Opcode Fuzzy Hash: 1c6103a4ef37fa819d1438516eaf1fb646ce7b3e8a35b619b1ad57314c3da8bb
                                                      • Instruction Fuzzy Hash: 7301D3752406108FC328EF39C89891973F5FF9972131109ACE426CB3B1DA21EC81CB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00D7D745 Relevance: .0, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1453619668.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_d7d000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d3ac11754f5e61450f86c5fd9f58ba09577e37bc9912924fbe4c11af00c667b2
                                                      • Instruction ID: 8750f50e1caac098aa965d2be716c066cc0755ee5c5f16b084994d52339c7426
                                                      • Opcode Fuzzy Hash: d3ac11754f5e61450f86c5fd9f58ba09577e37bc9912924fbe4c11af00c667b2
                                                      • Instruction Fuzzy Hash: 2A01DB711043409BE7245E25CD84B67BBE9DF81734F18C55AED4E0E282E779DC41CAB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B9240 Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: beba895c793c421aea3b7069adcd3d9cd3e7afa8d92eb66fa4b227bedb2a4aa1
                                                      • Instruction ID: a39beca736abe31d50d7bb1f408ea36f1d720c9232eb50d5061db2a04933a5e6
                                                      • Opcode Fuzzy Hash: beba895c793c421aea3b7069adcd3d9cd3e7afa8d92eb66fa4b227bedb2a4aa1
                                                      • Instruction Fuzzy Hash: 9A01A234F00248DBDB04AFA494153FD77A5EB89310F108466EA0AE7385EA3089419B92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BAF90 Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e625c3725a5e9f0fe3c3ef6fb9398cc8134bc734f36953b422dd1adac2dc532
                                                      • Instruction ID: 891270c17f57f4e9e0458b8b4b7d12e309bae4607204b19a168673015d53b681
                                                      • Opcode Fuzzy Hash: 3e625c3725a5e9f0fe3c3ef6fb9398cc8134bc734f36953b422dd1adac2dc532
                                                      • Instruction Fuzzy Hash: 13018CB162E3829FC7124B789CA0DE53F749F0366170A42DBE159CB9E3DE2A9844C712
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B2F90 Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 85ab11b16f0c6c06974295439589f9366c16cede602437342b8d466fca73b723
                                                      • Instruction ID: f5af8424c58476ee7c70d050695b56555a55b36a3bfdfa045ae44fdb49cee5bd
                                                      • Opcode Fuzzy Hash: 85ab11b16f0c6c06974295439589f9366c16cede602437342b8d466fca73b723
                                                      • Instruction Fuzzy Hash: EE01F23028D3815FDB078F748821AA93FB4AF53204B1941EBE955CF1A3EA248886C712
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BF380 Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 342af138c6114443caab90a1baa6540debfb81564adf23e866ffc641945fefd5
                                                      • Instruction ID: df00f9508f3c26d4fcec7b3d40736d4da9cbc3e93900176bf9a6c42907df0bcc
                                                      • Opcode Fuzzy Hash: 342af138c6114443caab90a1baa6540debfb81564adf23e866ffc641945fefd5
                                                      • Instruction Fuzzy Hash: 3BF0C832214741DBDB24DB19CA80BEE77E4EF447A5F00853DD54A87690DF71E981C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09B04110 Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463966686.0000000009AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_9af0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 09bca0bad8a645d66334aa08e81b6ac4868e514fd36620ec5ef20bbb614f17c4
                                                      • Instruction ID: e415e7732c01f1b2e81258d8e5e5509a5ba9d77429ba09fda369df8b7c4241d1
                                                      • Opcode Fuzzy Hash: 09bca0bad8a645d66334aa08e81b6ac4868e514fd36620ec5ef20bbb614f17c4
                                                      • Instruction Fuzzy Hash: 7CF0F06273C091A6D24C497E65103ABEDCBA7F9665F0980BB9709D72E0E9A48C1102D2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B92D8 Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: aa348dbf13f393ce2a974fea0c83b8866a44963b0c6a6a5f5f46b7e214fb4c41
                                                      • Instruction ID: 9d52af6477b9bb3142076055ac21d67bfd2fcab2f07eae68df55c85405e6856f
                                                      • Opcode Fuzzy Hash: aa348dbf13f393ce2a974fea0c83b8866a44963b0c6a6a5f5f46b7e214fb4c41
                                                      • Instruction Fuzzy Hash: 12F0C2313242058FCB149BA9C494FE97BEAAFC4794F09846AD209CB2A1DE309C81CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00D7D744 Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1453619668.0000000000D7D000.00000040.00000800.00020000.00000000.sdmp, Offset: 00D7D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_d7d000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 28a560f960980f2cd727e098eb0c3a8a4b49b0dd726120466bcd14b7e04b0ffa
                                                      • Instruction ID: 49e8e7e1a104819991c96f80e43bc56059537fe25b50cd821cbb9654fdb7025f
                                                      • Opcode Fuzzy Hash: 28a560f960980f2cd727e098eb0c3a8a4b49b0dd726120466bcd14b7e04b0ffa
                                                      • Instruction Fuzzy Hash: 03F0CD71008340AEE7248E1AC888B62FBE8EF81734F18C45AED0D0A286D2799C40CBB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B30D8 Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e072fa6a3e5f4d4e72625a467842224c8473aec5fd426b49a72517bfacfdd7a9
                                                      • Instruction ID: 467734fcc1575de4a2dd241c17c708f70a10d5a6f2570efcbe5786f26bc4c0eb
                                                      • Opcode Fuzzy Hash: e072fa6a3e5f4d4e72625a467842224c8473aec5fd426b49a72517bfacfdd7a9
                                                      • Instruction Fuzzy Hash: D701F231B21200CFCB18DF68D494CA8B7F6FF8835175644AAD406AB261DB31EC81CB44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B92E8 Relevance: .0, Instructions: 35COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8b5084c6dc4d2f923273cd48852ab790562512baedbca650215e6dbf52af2f29
                                                      • Instruction ID: 26c8a9694a61b5b247acf34c62fc25d518c0804c227d455478456008995901a4
                                                      • Opcode Fuzzy Hash: 8b5084c6dc4d2f923273cd48852ab790562512baedbca650215e6dbf52af2f29
                                                      • Instruction Fuzzy Hash: 18F054317642054FCA24AB79C4D0FEA37D6ABC4B90F044469D245CB3A0DE709C818752
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BE488 Relevance: .0, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2b5049f1cbbe66baa61a31ef1ab66f8abc216516df3f64326961bb0bc8463965
                                                      • Instruction ID: 5c27927812747fd77a2f1b20e1c9a118beb3dd94b4227b97d1af537cfd29282b
                                                      • Opcode Fuzzy Hash: 2b5049f1cbbe66baa61a31ef1ab66f8abc216516df3f64326961bb0bc8463965
                                                      • Instruction Fuzzy Hash: 9DF0E936910259DFCF11AF588D449DD3F70EF0A364B168862F9A4E2181E734E534DB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BB450 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2a4624ebf21144c9c45003d9f43fb729f4e71eeda205f2680a0dfc7b290cecf4
                                                      • Instruction ID: 2e7f2ebf0ec37cfb6fe5c7350787e288e4d2dcee15b4104af951372cb291d7a1
                                                      • Opcode Fuzzy Hash: 2a4624ebf21144c9c45003d9f43fb729f4e71eeda205f2680a0dfc7b290cecf4
                                                      • Instruction Fuzzy Hash: 69F0FC3150A3909FD3018B60D4157A53F95AF4220DF18C0FBE14C8F297DA774447CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B08A2 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9f90a23fe4f0c541eb6f3897824c961ee6c1e30dd1b398256e77ab4a991b7b36
                                                      • Instruction ID: 65daed7d2b12c85681496b326199ec5dc6c4222c07b7539d050a8b0b298d9aa8
                                                      • Opcode Fuzzy Hash: 9f90a23fe4f0c541eb6f3897824c961ee6c1e30dd1b398256e77ab4a991b7b36
                                                      • Instruction Fuzzy Hash: 63F01D346405008FC398DF2ED449969BBE2FF8932076AC2AAE01DCB3B2DA70DC418B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B9B88 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f0fecc15b8d170d9551e7ef8424ccd8b9b02513b36d0f190da39f78306631f3
                                                      • Instruction ID: 8b6227134d8c75603e8a810834c0370269b7d8a007eec3a54b1e7b178db0b33b
                                                      • Opcode Fuzzy Hash: 2f0fecc15b8d170d9551e7ef8424ccd8b9b02513b36d0f190da39f78306631f3
                                                      • Instruction Fuzzy Hash: ACE02B713403509FF7141D40A822FF23BACDB85714F04419BF305CD2E1EAE249C187A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BFEF9 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 47a06bfe722d4a0157c4c0536361bbe4b160cdeaa37d7487264357cb68bb2a49
                                                      • Instruction ID: 5806ffbe718455d3d5a1e260e580aafb7acf1e2853095d6f617ff160e3dc5ea5
                                                      • Opcode Fuzzy Hash: 47a06bfe722d4a0157c4c0536361bbe4b160cdeaa37d7487264357cb68bb2a49
                                                      • Instruction Fuzzy Hash: 3EE06D323052545FC316576DA8949DABFEADFCA66031A40FBE108DB673CD658C0183A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BF3E8 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 90399a0eb58e81c22469ed8d78af54e48830b95c8b278b90e19f5c23a6132082
                                                      • Instruction ID: 698670da2dbeecf6dfed0e8d767fac86fa8f0df947a98aed901bf1990ee8ea2b
                                                      • Opcode Fuzzy Hash: 90399a0eb58e81c22469ed8d78af54e48830b95c8b278b90e19f5c23a6132082
                                                      • Instruction Fuzzy Hash: 9CE0D8313190014FC3055B9D9894899BBA6FFCE76431A40B7E10CDB362EE204C068760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B08A8 Relevance: .0, Instructions: 30COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6a7fb8fedcefaf6f75269b115a76507b39ac6a01a78cd5f4b77d9a56476c0d9c
                                                      • Instruction ID: 48a3ceafab47fa9ad6165ab220ddc881f23c17d146d70e493b127910082da5a8
                                                      • Opcode Fuzzy Hash: 6a7fb8fedcefaf6f75269b115a76507b39ac6a01a78cd5f4b77d9a56476c0d9c
                                                      • Instruction Fuzzy Hash: E8F03A306006008FC398DF2ED409955BBE6EF8932076AC2AAE01DCB3F2EA70DC418B50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BBDB7 Relevance: .0, Instructions: 30COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4f59ce6bc7dec58fc320a5bf32a09071468bffec42b5f8f85d58a5332c344b4b
                                                      • Instruction ID: f0afd22a905a99c9bac4dee1791fc4444f5a1abb54b6494f5bdba88650ab75b9
                                                      • Opcode Fuzzy Hash: 4f59ce6bc7dec58fc320a5bf32a09071468bffec42b5f8f85d58a5332c344b4b
                                                      • Instruction Fuzzy Hash: 81F08C70D18209DFDB48CFB4C4445FEBBB4EB8A381F10852AA816BB350D7745982CF52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B27C0 Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f19bae3ddc9db52361c34b0495554887e82125c6ada86722e2c5c27013e52fe8
                                                      • Instruction ID: fa89191a81828ccf0aa25a10954806cfc29ca4b65e26986240763410a2c9f6ac
                                                      • Opcode Fuzzy Hash: f19bae3ddc9db52361c34b0495554887e82125c6ada86722e2c5c27013e52fe8
                                                      • Instruction Fuzzy Hash: 50F0E93150A3915FD72E9F3891602E57FA86F07201B6505EFD0458F6E2E6B2A885C711
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B31A0 Relevance: .0, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5222b201bd94f326a4e1b1eb6b555ac8d6c1a5d96948f78b817882de42dda2d3
                                                      • Instruction ID: 93a6e6964e21c3b1ab62164befcbf0db8601957559ed7cdc7dc5ec7f536934e6
                                                      • Opcode Fuzzy Hash: 5222b201bd94f326a4e1b1eb6b555ac8d6c1a5d96948f78b817882de42dda2d3
                                                      • Instruction Fuzzy Hash: 46E086357346154B9A2977AD1854DBA659F8AC5EE1349013BDE06CB3C0EE64CC0193AD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B3190 Relevance: .0, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 589c18525466b8dd1638cf9e04444f4e6510298537b48338d0596783a6198658
                                                      • Instruction ID: 2f8d2e7e846244dc183e4b054417ab60a8e97e4849397a1c186e5769c489ef2a
                                                      • Opcode Fuzzy Hash: 589c18525466b8dd1638cf9e04444f4e6510298537b48338d0596783a6198658
                                                      • Instruction Fuzzy Hash: 4DE0D8357386414BD715576D1814CBA1A6BCAC67A134E016BA901CB3D0EE28CC00A359
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BD8A0 Relevance: .0, Instructions: 27COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 07e8803cc33a7c82ae434abf9278ef3b4d66f812b01b20d0a5ab131e7d606e78
                                                      • Instruction ID: 83e5a4d71e26be625b561dc0503f019bf041e3e4a892c496f51755a53e0d966d
                                                      • Opcode Fuzzy Hash: 07e8803cc33a7c82ae434abf9278ef3b4d66f812b01b20d0a5ab131e7d606e78
                                                      • Instruction Fuzzy Hash: DBE086313601115B8204675E9CC4DFE77DEEBCA770755447AF10DD7351DD619C054361
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B3ED4 Relevance: .0, Instructions: 27COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f96e195acc7a0a0aacfbfa9f7900272c593126f7610ec4baa0c491b339faac9d
                                                      • Instruction ID: a568768b33567eb000b25c70507a563172f8dc19e4c69ac4a79947cf1d029af6
                                                      • Opcode Fuzzy Hash: f96e195acc7a0a0aacfbfa9f7900272c593126f7610ec4baa0c491b339faac9d
                                                      • Instruction Fuzzy Hash: 21E086313641116B8204676E9CC4DAAB7DEDBCA771758447AF10DD7361DDA19C008364
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B9B98 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cb2fca4d1238f076af1f51dc8cd93f1adfda1400ac2b73b35f6a06b83ba551e5
                                                      • Instruction ID: a0109a0a1b5ddd811f15c77d81b064232c58f6c29f9f35c41be64f318e922a1d
                                                      • Opcode Fuzzy Hash: cb2fca4d1238f076af1f51dc8cd93f1adfda1400ac2b73b35f6a06b83ba551e5
                                                      • Instruction Fuzzy Hash: A1E0DFB0340328ABFA1069949C23FB3314DDBC8B14F10445AF706AE3C0EEE28C814BA6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09B0D860 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463966686.0000000009AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_9af0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4e91bd9587686ec309f7fd90e7b862449fc86e083c018c2c7f3a519161dc1700
                                                      • Instruction ID: 6bff9958e1edc51efa9bd26fe0a7e9ac2ed47ef7062977000fe7b6b26ef6811d
                                                      • Opcode Fuzzy Hash: 4e91bd9587686ec309f7fd90e7b862449fc86e083c018c2c7f3a519161dc1700
                                                      • Instruction Fuzzy Hash: AAE0D821740328A7F91423D95817762798DCBC5760F9400A0BA05EE2C4DDA188014691
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2E0C38 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465953316.000000000B2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8c8f0d5e2242f3bf1582cb59ed44a26be206559cfbcef4a60704552d4dcb0b24
                                                      • Instruction ID: 7f3fe514a41c0a3a831c3e2b11fbdd806931baab8efa295389fdbfa0f09ff56c
                                                      • Opcode Fuzzy Hash: 8c8f0d5e2242f3bf1582cb59ed44a26be206559cfbcef4a60704552d4dcb0b24
                                                      • Instruction Fuzzy Hash: FFE026327083419BC3261667B45879B7BABDFC2B11F0505ABE1098F781CABA9C46C7E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B5D50 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a1c9e6d826b8d70e121ca4806471b9cdb327cf76a3cfc6cb96e0f6ca5d692e13
                                                      • Instruction ID: 7a177ac0147558f46932726fa605eaf7d111d859c1083ac5cb27a957c39316e8
                                                      • Opcode Fuzzy Hash: a1c9e6d826b8d70e121ca4806471b9cdb327cf76a3cfc6cb96e0f6ca5d692e13
                                                      • Instruction Fuzzy Hash: B3E0D8357016175BCB299729D4509967359AEC4FA4308423AC9084BB00CF31FC068BD0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B11E5 Relevance: .0, Instructions: 25COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e387fff615c06cad776659946152b5086c871afc83efaf50561e3680b9f5b62
                                                      • Instruction ID: e96926a5b581cb28202acf5f8079fd185cce293f333952e521021ff0d81ed542
                                                      • Opcode Fuzzy Hash: 3e387fff615c06cad776659946152b5086c871afc83efaf50561e3680b9f5b62
                                                      • Instruction Fuzzy Hash: C5F02B72308245CFC3019B38F1941E9FFD0FF96216F0941FED04447662D7619419C751
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B27E8 Relevance: .0, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 53366e912fa829b020f86283471255c9aea74ece7d7f351c29d9d66c16742540
                                                      • Instruction ID: a8239c17c8274990ffd9bdc9d38feba5f894311f7d73a7a6c69aa01974d84f0c
                                                      • Opcode Fuzzy Hash: 53366e912fa829b020f86283471255c9aea74ece7d7f351c29d9d66c16742540
                                                      • Instruction Fuzzy Hash: 25E0863134532497C7386E75A0201A573999F4611731048BDD4098EA40FAB2E8C0C754
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B116D Relevance: .0, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7073b0bfb4ef19d22cbe25a83e1561fdc80142637e206196fb99a803bfbfb5a4
                                                      • Instruction ID: 26c7e5ff7764159d22453325e793265b0b78f90101066467bcb5e824332fe477
                                                      • Opcode Fuzzy Hash: 7073b0bfb4ef19d22cbe25a83e1561fdc80142637e206196fb99a803bfbfb5a4
                                                      • Instruction Fuzzy Hash: BBE0E532308292CFC7014B38E0443E5BFD0EF52215F0841FAD04847162D7659806C711
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BC369 Relevance: .0, Instructions: 23COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 597e869017942717ad0d7af9593095039880e365b57621dc3758e9462ec9db3c
                                                      • Instruction ID: 6238d3dab6de27f967095fce8f29ec43ab4f7760647a79cdb20aabd032dc6d83
                                                      • Opcode Fuzzy Hash: 597e869017942717ad0d7af9593095039880e365b57621dc3758e9462ec9db3c
                                                      • Instruction Fuzzy Hash: 4CE01A76A101049FC3048B1CD844889FBE5EF9932171A85BBE10CDB361EA709C41C760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B2FC0 Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7ce1e4dd7932385158ebcb0c497c81b20ab2f6cb1eba3f398a1537a92536df27
                                                      • Instruction ID: 05f063597bc7d4a0c8adadc8632be49960543924339502b3a53f8148cb567a21
                                                      • Opcode Fuzzy Hash: 7ce1e4dd7932385158ebcb0c497c81b20ab2f6cb1eba3f398a1537a92536df27
                                                      • Instruction Fuzzy Hash: 4FE08C303543068BDF08EF2DD820B9633D9BB80A08F204568A218CF251FB32E8828781
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B52A0 Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 52559253e19b4d45e6ee994fd351972c233c52c709ec4c15db8563e4963aeac4
                                                      • Instruction ID: 3a9900ba25181b6d56f027a6288da1be2a7fe9004d672979714df63b347a54ff
                                                      • Opcode Fuzzy Hash: 52559253e19b4d45e6ee994fd351972c233c52c709ec4c15db8563e4963aeac4
                                                      • Instruction Fuzzy Hash: EAE07E3904D3D24FC7079B70886A8657FF1AE8321470E80EAD184CF0F7D6698919D723
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B5681 Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c2823967d00cbfde60d9af91a48e71ad66e1a99249e3a25f9d82f00e39651144
                                                      • Instruction ID: 969f79d6f87e0f4b7db0901ec1265523326dac08726eebf00e70fe7eefe2e5d0
                                                      • Opcode Fuzzy Hash: c2823967d00cbfde60d9af91a48e71ad66e1a99249e3a25f9d82f00e39651144
                                                      • Instruction Fuzzy Hash: 3AD05E75704B904BC7599A7460101ADBBD38B8152030484BEC14ED7190D9780C038759
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2E1CB8 Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465953316.000000000B2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 659e7b359baba9f9aecd50c3953afb2b21755e25712f85b4788c625ed6253320
                                                      • Instruction ID: 667dbe68178f7ade37ae2ff577ea7cfa6c4f950d017a834d8bde564672a53ed8
                                                      • Opcode Fuzzy Hash: 659e7b359baba9f9aecd50c3953afb2b21755e25712f85b4788c625ed6253320
                                                      • Instruction Fuzzy Hash: 14E04FB1C4430AAED750EFB685403EE7BF3BB48204F51A96AC024F6300F7B402149F92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2E0C48 Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465953316.000000000B2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f50ff3a4d3b8fb0f2dc89b0380715a75d718315166db418133ad658e79e241db
                                                      • Instruction ID: bc0e8ed29ac34248669d928a8111a3fd11735fa109c5558345d950b1a9158ec7
                                                      • Opcode Fuzzy Hash: f50ff3a4d3b8fb0f2dc89b0380715a75d718315166db418133ad658e79e241db
                                                      • Instruction Fuzzy Hash: 43D05E3270421193C225115BB459BABB39ADBC5B22F11027BE20A4B784CEBBEC42C7E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BC378 Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 904d9b4e5498a75be4cc417e9b07ce3a9ad470d85014a628668a80f2a317b528
                                                      • Instruction ID: 444574ccd013c120c3c0c18a357809d3f59116cad8565b201e83bc9b41986c4a
                                                      • Opcode Fuzzy Hash: 904d9b4e5498a75be4cc417e9b07ce3a9ad470d85014a628668a80f2a317b528
                                                      • Instruction Fuzzy Hash: 7EE0B6756101149F8304DB5DD444895FBE9EF8976171581BBE60CCB361DA719C4087A4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BAFC0 Relevance: .0, Instructions: 18COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c5759533cdb041a4e3ce50df27a856526489af348984719ce5f96a58b95a62d4
                                                      • Instruction ID: 7eca5aa3be097943bba03f72abcc2ba4be918693256f561cdc0d988ad0e4987c
                                                      • Opcode Fuzzy Hash: c5759533cdb041a4e3ce50df27a856526489af348984719ce5f96a58b95a62d4
                                                      • Instruction Fuzzy Hash: FCD05B713113114FC728AB19D050E95739C9F06B5570144AEE50DC7660CE62DC40C784
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BCC58 Relevance: .0, Instructions: 17COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a17259c4da289bd69d3d39b44517449df9cfbd6e8a18d88814f8be26d789f4e2
                                                      • Instruction ID: 56568ae2fd1fa378ae936f45b3044f41a007b504469b32fcfbdb7dfc663bf4c0
                                                      • Opcode Fuzzy Hash: a17259c4da289bd69d3d39b44517449df9cfbd6e8a18d88814f8be26d789f4e2
                                                      • Instruction Fuzzy Hash: 80D0A77054D208DBD704DF64D548BF973BCD707301F0010A5A80E1315097755AC0EB56
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2E0F48 Relevance: .0, Instructions: 17COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465953316.000000000B2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e5d33e32a7efce3934be5e2b72ca97af648d56c3a1792b29992004ed1c24759b
                                                      • Instruction ID: c0817913f2c377b4bca733f3d360cf291ae2a205b73874946bb7e1d7d00f1126
                                                      • Opcode Fuzzy Hash: e5d33e32a7efce3934be5e2b72ca97af648d56c3a1792b29992004ed1c24759b
                                                      • Instruction Fuzzy Hash: CEE09270C44342DEC7159F74C15AA8ABFB0AB05314F20459DC031DE551DBB501028F50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B2E0B Relevance: .0, Instructions: 17COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c29a94433b9e37bad30027ba916441449c5d0f79da575e13827784923fa57c63
                                                      • Instruction ID: d223a14133b1d729ff9d08cdcca290eafcb4b71a9faf2253b64a5bc6003f069b
                                                      • Opcode Fuzzy Hash: c29a94433b9e37bad30027ba916441449c5d0f79da575e13827784923fa57c63
                                                      • Instruction Fuzzy Hash: F4D0122775042017C605255CB84A7AA16E7C7C9692B5D822AF50AD7385CD509C0253E4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2E1CC8 Relevance: .0, Instructions: 16COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465953316.000000000B2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a04d559e9706b4a129605a04ea7b878f918afe0bb9d43ad0cde04c9d7841b326
                                                      • Instruction ID: 596e87e9f9573d2889616ecdd8248e69b637ca87786365a90de703ef6b929d77
                                                      • Opcode Fuzzy Hash: a04d559e9706b4a129605a04ea7b878f918afe0bb9d43ad0cde04c9d7841b326
                                                      • Instruction Fuzzy Hash: 5DD0ECB1C502099ED750EFBA85413AEBAF5AB08200F50897AC424E6200EBB442008FA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B92C0 Relevance: .0, Instructions: 16COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9170d2c11053ca2050a1c54e34a5ca38d190c40f3f79aee053f6d5e9230c8605
                                                      • Instruction ID: 377db361316535ed8f5526836dc546677113fe7484d14e23c926bcd923836df8
                                                      • Opcode Fuzzy Hash: 9170d2c11053ca2050a1c54e34a5ca38d190c40f3f79aee053f6d5e9230c8605
                                                      • Instruction Fuzzy Hash: FDC0805F3104404FCE02A379E496BF57B27D7C2255F4CC0B1D348C7B51CA0598479351
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2E0F58 Relevance: .0, Instructions: 15COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465953316.000000000B2E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a6e2842501af1b153afddf5efff85c9c2b540c5d41aebe5badcb53f4dc8713bd
                                                      • Instruction ID: 03e9299743aadf93680a83c8ec5005645d334ac227e4c1443fc115b0e1b10376
                                                      • Opcode Fuzzy Hash: a6e2842501af1b153afddf5efff85c9c2b540c5d41aebe5badcb53f4dc8713bd
                                                      • Instruction Fuzzy Hash: 93D012B0C14309EFCB40EFB9855679FBFF4BB04200F504965C025E6200EBB442158FA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B7D10 Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2ca2967a07ce1e245af5236a7317ada675a9a77a6baf2e8c42001aaaf29d0106
                                                      • Instruction ID: af0e6931763d41b04ada2d03e7e4344f0ee5235c20f5192ea5daa389592d2477
                                                      • Opcode Fuzzy Hash: 2ca2967a07ce1e245af5236a7317ada675a9a77a6baf2e8c42001aaaf29d0106
                                                      • Instruction Fuzzy Hash: CED09236280208BFDB018E85DD06F8A3F65EF08B10F104040FB045E1B1C3B2E820AB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B0721 Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a9ea84f73b0dab2f8257b11da5658e5db0eeb1d04a8d3efe2eaf5874561090c4
                                                      • Instruction ID: 544fca588483672a79e85851dcfec99b88d59e4d1e6c57ff89c7f41f2e6e13b6
                                                      • Opcode Fuzzy Hash: a9ea84f73b0dab2f8257b11da5658e5db0eeb1d04a8d3efe2eaf5874561090c4
                                                      • Instruction Fuzzy Hash: 94D0232920976103C35162B57C19358EFD1D741450F0CC4558440C9241DD54994747C0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B5690 Relevance: .0, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: be2b05bc87b5c61450b705efef2f603fdb22a00798b87b3e7c6f54a66f2df2b4
                                                      • Instruction ID: 3ba07419dac29c5f4e6d10bac4c177986c81a21aca95035d53395a9f37ca5b3a
                                                      • Opcode Fuzzy Hash: be2b05bc87b5c61450b705efef2f603fdb22a00798b87b3e7c6f54a66f2df2b4
                                                      • Instruction Fuzzy Hash: BDC08C22B04F2403860CF6AA64106AEF6CE4FC4820B08C07AC10E872C0DD56180202CD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09B063F0 Relevance: .0, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463966686.0000000009AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_9af0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c710f13ae0acb8adf5973f8a5969db208e849b35124d21da3d550b6e833b3e1f
                                                      • Instruction ID: 83fed729d7c153a752f0a41ce93d177de2a8786a3409cef362828f3d31fdcaeb
                                                      • Opcode Fuzzy Hash: c710f13ae0acb8adf5973f8a5969db208e849b35124d21da3d550b6e833b3e1f
                                                      • Instruction Fuzzy Hash: 66C08C22701B2403860CF66E64102EEF6CE4FC4420B08C07BC20E83280ED62180242CD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09B01168 Relevance: .0, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463966686.0000000009AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_9af0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5815bbcf824db0700bec3b34aae0436d7f03f4590154f2231c29dcaa004929ad
                                                      • Instruction ID: 42f5dec327b11bda6de29aedbfbc4241de829d84c02d0fe3775034f8f1a8cda0
                                                      • Opcode Fuzzy Hash: 5815bbcf824db0700bec3b34aae0436d7f03f4590154f2231c29dcaa004929ad
                                                      • Instruction Fuzzy Hash: 3AC08C72704A6403C60CF66A64102EFF6CF4FC4430B04C07BC20E83290DD62580242CD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B10CF Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cba5ed26b620942311d416fe052f9ea610a4243758f030f3561a5aa7a9d63fe3
                                                      • Instruction ID: f504f29bd3bc460ec981bc0755626206272daabd216be4f8ea16f3b1ba078e18
                                                      • Opcode Fuzzy Hash: cba5ed26b620942311d416fe052f9ea610a4243758f030f3561a5aa7a9d63fe3
                                                      • Instruction Fuzzy Hash: E9D012B17942625ED75FD09C9CDE7746701D3C0645B05907970519F0E6E7D098038584
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BC7D6 Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 994412b39177de59a3c6fa07b8600c104af361b34fba141a12e6207ae8a89443
                                                      • Instruction ID: d28f787559f29bd6365edb69d25213d3c74c5cd85a569b0e32e3f47b7c750674
                                                      • Opcode Fuzzy Hash: 994412b39177de59a3c6fa07b8600c104af361b34fba141a12e6207ae8a89443
                                                      • Instruction Fuzzy Hash: B4D0C931C502098BC748DF98D0464EABBA4EB89281751A554D0095A154DB392B439F41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B0B10 Relevance: .0, Instructions: 12COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e37e5ac5f6a5fe81034e191565c77c79717c7f380a87f0629b0b1caaa6e46454
                                                      • Instruction ID: 7faff8010fd980f05256825ceccab39ae88ab25a0074760130a3f8eeab139fb6
                                                      • Opcode Fuzzy Hash: e37e5ac5f6a5fe81034e191565c77c79717c7f380a87f0629b0b1caaa6e46454
                                                      • Instruction Fuzzy Hash: 47D0C9B580A7C18FC337AB7488140957F70BE6725171A66DFC0D08A1A7D63A8487CB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BCBB6 Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f147b988f30bf52586bfd91676776a298cfe5e555eb6f657d1010401906be16e
                                                      • Instruction ID: d527107686898cdf3c9cb2e10742e8aee715e89d70e9f5f052aefd73a4ef2cae
                                                      • Opcode Fuzzy Hash: f147b988f30bf52586bfd91676776a298cfe5e555eb6f657d1010401906be16e
                                                      • Instruction Fuzzy Hash: B9D06C38A00128CFDB60CF24C880B99B7B1AB4A318F1080D9880DA7342D732AE82CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B3A40 Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c200eaee07a26acb9baa94052079a06be19ecbb80c0c52ba6e31d8e132aefa22
                                                      • Instruction ID: d5d2a372515bb31844a01f8273ef5d73b2a0e6c2290b542b7018adc9901860bf
                                                      • Opcode Fuzzy Hash: c200eaee07a26acb9baa94052079a06be19ecbb80c0c52ba6e31d8e132aefa22
                                                      • Instruction Fuzzy Hash: 60C02B630C97C90ECF0702E03E130203F201D4300430A00C7F048CE173E6888580C311
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BF350 Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 27c2eb40e57ac2c363ff9fb38c6be69191815decc201ea0d16e257faaf8ec547
                                                      • Instruction ID: b782939928e1497102f53f784f44d8af14e98c0ac2ecd3cfa9df95d12ef7b3a1
                                                      • Opcode Fuzzy Hash: 27c2eb40e57ac2c363ff9fb38c6be69191815decc201ea0d16e257faaf8ec547
                                                      • Instruction Fuzzy Hash: 82C04C3450E3815FCB0207224A740807F74ED9674479744C6C994C7557D65418669752
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BC6F0 Relevance: .0, Instructions: 9COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 625a494a2eb445fba8db035f1a0c2953b85962a8baf81f21e066ae74b73401f7
                                                      • Instruction ID: edd369675e4aecf9717f999b13ca1e3972418151e4a98c62c83fb40de0d2a4c7
                                                      • Opcode Fuzzy Hash: 625a494a2eb445fba8db035f1a0c2953b85962a8baf81f21e066ae74b73401f7
                                                      • Instruction Fuzzy Hash: EBD00275D08209CFCB40CF98D5446FDBBB5BB49341F209015D45AA7240DB796E83CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B1120 Relevance: .0, Instructions: 9COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 22cb4f1aae01a7775f2bc80ed1e51190eb95a330c6801ada6be3bc136fc39f27
                                                      • Instruction ID: 02c3aaf7dba11cbe48831ffc9987ff1a020b887f366dc973575e493ac2bcd8e7
                                                      • Opcode Fuzzy Hash: 22cb4f1aae01a7775f2bc80ed1e51190eb95a330c6801ada6be3bc136fc39f27
                                                      • Instruction Fuzzy Hash: 2EB0923D8003028AEF11153088023C66B709F0520AFA88069884088222D929A48BF661
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B127C Relevance: .0, Instructions: 8COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2ccd237fa9de1bf7dda7aee7980c309b1e673ceaa595c1ef3eb0c0ab88753b5b
                                                      • Instruction ID: acf419492c52bf35e19851de542a373a30940516ea855396c8130c2f19be55f8
                                                      • Opcode Fuzzy Hash: 2ccd237fa9de1bf7dda7aee7980c309b1e673ceaa595c1ef3eb0c0ab88753b5b
                                                      • Instruction Fuzzy Hash: CBB0923A15D200B7D5406E600E60BEE6488ABE6B80F01980622488808056A194A0A26B
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096BE4F4 Relevance: .0, Instructions: 8COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 88dc3055e2237b6bb0004b14bf94c9227e745b964ea5f28fad997b59f7e94cde
                                                      • Instruction ID: 96292cad942c64684fe0c321c9b42855e38cad72032481a15bf703eb1a340e49
                                                      • Opcode Fuzzy Hash: 88dc3055e2237b6bb0004b14bf94c9227e745b964ea5f28fad997b59f7e94cde
                                                      • Instruction Fuzzy Hash: 76B012792F5200F75140BAE44C90B6F7141FFF1B40B80DC053204040648EF0986BA62F
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09B02E40 Relevance: .0, Instructions: 8COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463966686.0000000009AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_9af0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6f3d1864030d853c5576a69e66e5800e943f0bc21edb517417ddd659ad58ff22
                                                      • Instruction ID: 9619bda784ce7f51b4473c303ea0a6fa792c1a1cce511ddd3a85b7373b477112
                                                      • Opcode Fuzzy Hash: 6f3d1864030d853c5576a69e66e5800e943f0bc21edb517417ddd659ad58ff22
                                                      • Instruction Fuzzy Hash: 4FB092721A45098FC350AF68E848E6073A9EF48625B1180F0E1088BA33D632F8008A44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B3A50 Relevance: .0, Instructions: 5COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a083b1986e3d0c02936759ae6140e6caaed8b404ee7da1aa9fa73783577af030
                                                      • Instruction ID: 77d6bc45becae9ef439a36c415374e2bc21da4be06532ff9c86df53df32a6ead
                                                      • Opcode Fuzzy Hash: a083b1986e3d0c02936759ae6140e6caaed8b404ee7da1aa9fa73783577af030
                                                      • Instruction Fuzzy Hash: 7590023204464C8F458067D97809595775C96445267800056A60D525119E56745055A6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096B5044 Relevance: .0, Instructions: 2COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463030148.00000000096B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4534629bc934eaa8f49acfd5dda62d375679bef636688a597c2aa9458994fc9b
                                                      • Instruction ID: 6a2e6bb14b30b2a8f1a26f6559120aeab3282deda069557ea502d99209532dcf
                                                      • Opcode Fuzzy Hash: 4534629bc934eaa8f49acfd5dda62d375679bef636688a597c2aa9458994fc9b
                                                      • Instruction Fuzzy Hash:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BFEF2 Relevance: .0, Instructions: 2COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d209159d346f3944b1e71a24de8742da3bb8bd0ba8dcc816da6b0c0eb55a8d81
                                                      • Instruction ID: 8b3801f31ceb4947ae8b7eb2221d8557dba7f41a1a0ec87d3434dcbb157e42c2
                                                      • Opcode Fuzzy Hash: d209159d346f3944b1e71a24de8742da3bb8bd0ba8dcc816da6b0c0eb55a8d81
                                                      • Instruction Fuzzy Hash:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Non-executed Functions

                                                      Function 029CF560 Relevance: 1.7, Strings: 1, Instructions: 426COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: p\j
                                                      • API String ID: 0-3373503453
                                                      • Opcode ID: bac4b0e629a517ef85da9b436170cc4dc9bb3c4803360de9ee096c58d0258b31
                                                      • Instruction ID: 03fd046af4420e6afe2644ae7bb2b884b97bc001ada001223ebb6bcc8c3ff99a
                                                      • Opcode Fuzzy Hash: bac4b0e629a517ef85da9b436170cc4dc9bb3c4803360de9ee096c58d0258b31
                                                      • Instruction Fuzzy Hash: 7EE1AA717007048FDB29EB75C464BAEB7EBAF89704F20847ED1469B6A0DB35E901CB52
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09B03C10 Relevance: 1.6, Strings: 1, Instructions: 308COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1463966686.0000000009AF0000.00000040.00000800.00020000.00000000.sdmp, Offset: 09AF0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_9af0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: l
                                                      • API String ID: 0-2743524249
                                                      • Opcode ID: 2d36d03a0b6765c16170f1443589374f8a83d95fe162d1db54520031d30196e0
                                                      • Instruction ID: 384710256ec1f4de56a49ec570ab61270170b6140a0d948de0eb997e8125c269
                                                      • Opcode Fuzzy Hash: 2d36d03a0b6765c16170f1443589374f8a83d95fe162d1db54520031d30196e0
                                                      • Instruction Fuzzy Hash: 81C14E307006018FDB24DF29C899BAABBE6FFC4754F1485A9E416CB2E1DB75E881CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD42B9 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: S%"
                                                      • API String ID: 0-4142662364
                                                      • Opcode ID: 2cf3464db2ecfd18af1895bf7f3de58da501983379f62ae9fe91e87989cf18b0
                                                      • Instruction ID: de16711caaa18019733da9ef9ed1eb11dfb44d1f62d95ee8cd14046e91e5dabb
                                                      • Opcode Fuzzy Hash: 2cf3464db2ecfd18af1895bf7f3de58da501983379f62ae9fe91e87989cf18b0
                                                      • Instruction Fuzzy Hash: 19218C33E191A5CB8B448E34958135BFAB7BBD53117A9C827C416DB346C334E810E791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD4156 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: S%"
                                                      • API String ID: 0-4142662364
                                                      • Opcode ID: 73077e87171c3b1ca6c5e753b0b86cf017809f14a75133e2939fa4b2668e9dd8
                                                      • Instruction ID: c92e84b3fe4adbc2d8c5d06fcd9d63a240417aed7d527d21be5d853e3a1e54ec
                                                      • Opcode Fuzzy Hash: 73077e87171c3b1ca6c5e753b0b86cf017809f14a75133e2939fa4b2668e9dd8
                                                      • Instruction Fuzzy Hash: 80113833E25154CF9B848E64A58632AF6B7BB99301799C423C812EB755D330E910ABA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD40FE Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: S%"
                                                      • API String ID: 0-4142662364
                                                      • Opcode ID: f03d0cb202abd64d28599103ff55cfd8c41189ba5eafb0cb5b4d4b98b3bf2cec
                                                      • Instruction ID: 6bfbb63980933cbcc42f2ea00760688266c02bac537cee1f714ca883ce86628f
                                                      • Opcode Fuzzy Hash: f03d0cb202abd64d28599103ff55cfd8c41189ba5eafb0cb5b4d4b98b3bf2cec
                                                      • Instruction Fuzzy Hash: 19115033E15114CB5B848E65E58636BF5B7BBC9301798C423C422EB354C734ED11BB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD40CF Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: S%"
                                                      • API String ID: 0-4142662364
                                                      • Opcode ID: 101e4e1cc76c8616443e4517d58a535329b1a2924fed81a8d76cc4a959698bcf
                                                      • Instruction ID: 268f60f5a94f0bb080aa48806dcd9279be122b6d6c36aee21d50a486971a2f40
                                                      • Opcode Fuzzy Hash: 101e4e1cc76c8616443e4517d58a535329b1a2924fed81a8d76cc4a959698bcf
                                                      • Instruction Fuzzy Hash: 8A113A33E25118CB9B948E68E58636FB6B7BBC93017A8C423D422EB344C334E911A791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD418A Relevance: 1.3, Strings: 1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: S%"
                                                      • API String ID: 0-4142662364
                                                      • Opcode ID: ebcbf4e1e40b24b25de71b404c2b212e4841938822243c603bca117ffd808b4a
                                                      • Instruction ID: bf70f47af9da749f8bc9e0b6ff678d7a560f311f7ceaa827a3d86f24e98fa140
                                                      • Opcode Fuzzy Hash: ebcbf4e1e40b24b25de71b404c2b212e4841938822243c603bca117ffd808b4a
                                                      • Instruction Fuzzy Hash: 91117A33E24014CB9B848F64E58236AB2B7BBC93017A9D423C822EB744C334E910B7E1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029CAC48 Relevance: .5, Instructions: 548COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b70c32aa94e2139de1a24afaceef30fd21afcc3f8135495608f2a834152d3e96
                                                      • Instruction ID: b288814df591280306f0a6a36fd819ab6b779c4f8ceb06a2168fc43654c20d4d
                                                      • Opcode Fuzzy Hash: b70c32aa94e2139de1a24afaceef30fd21afcc3f8135495608f2a834152d3e96
                                                      • Instruction Fuzzy Hash: C632F574B002088FDB18DF69D598BADB7F6BF89705F2580A9E505AB361CB31ED01CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C6A9F Relevance: .3, Instructions: 345COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 077f8b133a240e5e026f1326a2b6241dd19e8adc7e90494cc642b3b602fee16d
                                                      • Instruction ID: fb5e50e902b0d16782234d4000fcbddf15063ad7c478b3fd8167cc8dae0e43e1
                                                      • Opcode Fuzzy Hash: 077f8b133a240e5e026f1326a2b6241dd19e8adc7e90494cc642b3b602fee16d
                                                      • Instruction Fuzzy Hash: 5AE12B74E002598FDB14DFA9C5809AEFBB2FF89308F2481A9D414AB356DB30AD41CF61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2B4280 Relevance: .3, Instructions: 322COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a0b8e2d75413ed23e75d880a30c8452429a840f5fae341c19624c262be679fc0
                                                      • Instruction ID: 34cbf3946f998a7d90cde8a3bb2559b83501a40a414f13a057b7adc938a8307a
                                                      • Opcode Fuzzy Hash: a0b8e2d75413ed23e75d880a30c8452429a840f5fae341c19624c262be679fc0
                                                      • Instruction Fuzzy Hash: 5BA19270B002145FEB48ABB984547BF26EBAFC9750F64853D901AEB384DF389C4297A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C97A8 Relevance: .3, Instructions: 312COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7cf9acde61df304ea99216a056ddfc4719925076caab58c8dfff216033728237
                                                      • Instruction ID: 87eda2eff7d429b946693c32488ddcb9a1c171b0711c20ee6d8a20981fd87ad0
                                                      • Opcode Fuzzy Hash: 7cf9acde61df304ea99216a056ddfc4719925076caab58c8dfff216033728237
                                                      • Instruction Fuzzy Hash: 93E11A74E002598FEB14DFA9C580AAEFBB2FF89304F248169D414AB355DB30AD41CF65
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C8730 Relevance: .3, Instructions: 312COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a696fee533c41e601a23c43092fa7fa55df0003d6154d0e72a08b3c0d92911b0
                                                      • Instruction ID: b86d68482946ac02f7dff4504951c843fda95487d07b01863a7d0e2aafe6215d
                                                      • Opcode Fuzzy Hash: a696fee533c41e601a23c43092fa7fa55df0003d6154d0e72a08b3c0d92911b0
                                                      • Instruction Fuzzy Hash: 6AE10974E002598FDB14DFA9C580AAEFBB2FF89305F248169D418AB355DB30AD42CF65
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C8B68 Relevance: .3, Instructions: 312COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4e0eaad28b1e4e6fb3483b83a0bc3e3fca4a51cbed136d10fe82c2203dbf5964
                                                      • Instruction ID: 5d17a75dfa74ebfcad1b632b5d975f6112e950632921669117782f61903bc622
                                                      • Opcode Fuzzy Hash: 4e0eaad28b1e4e6fb3483b83a0bc3e3fca4a51cbed136d10fe82c2203dbf5964
                                                      • Instruction Fuzzy Hash: 6CE10B74E002598FDB14DFA9C580AAEFBB2FF89305F248169D414AB355DB30AD42CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C6F28 Relevance: .3, Instructions: 312COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 299cb625e49f244f553a749e62645a4b7678b4b4c80b4e5907dcf7d9ff73cf6c
                                                      • Instruction ID: 53ca1b2c75bb320744c066fc7758f0c469d08360a92cf0c6ebf8717e8ef8bcf3
                                                      • Opcode Fuzzy Hash: 299cb625e49f244f553a749e62645a4b7678b4b4c80b4e5907dcf7d9ff73cf6c
                                                      • Instruction Fuzzy Hash: A7E11A74E002598FDB14DFA9C580AAEFBB6FF89304F248169D414AB355DB30AD42CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 096A53D8 Relevance: .3, Instructions: 264COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1462960682.00000000096A0000.00000040.00000800.00020000.00000000.sdmp, Offset: 096A0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_96a0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3b28cf1e4a24604d398db1ea6be2306ffd1fa1cbcc6e22f3479dce8f577c1ffe
                                                      • Instruction ID: 9a5c015714afcfb8aec271d1a7d009a53a3dfae6ea6289c620c4817bff6201f5
                                                      • Opcode Fuzzy Hash: 3b28cf1e4a24604d398db1ea6be2306ffd1fa1cbcc6e22f3479dce8f577c1ffe
                                                      • Instruction Fuzzy Hash: 6FD1C235D2065A8ACB10EF68D950ADDB7B5FF99300F10DB9AE0093B251EB706AC5CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C9798 Relevance: .1, Instructions: 135COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c27d505799cda11ba7d3bb87caf3461c3ee0ddf397e6a9d734f48f1c2d833a41
                                                      • Instruction ID: 632b97eaf5583d9e8357da1271632e65d866cd6b624d9801cd494c4d46ec9a67
                                                      • Opcode Fuzzy Hash: c27d505799cda11ba7d3bb87caf3461c3ee0ddf397e6a9d734f48f1c2d833a41
                                                      • Instruction Fuzzy Hash: 8B510B71E042598FDB14CFA9C5815AEFBF2FF89304F2481A9D418AB315D7319942CF65
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 029C8B58 Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454991847.00000000029C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 029C0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_29c0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5bac80898893f819da892eafa1b2280d83d695dcd6f185d942b8f050583652b0
                                                      • Instruction ID: 190962fb901a297d1c201d8b4a690cca896c7ce58dcc2dbfd0b97ce6ffd77a65
                                                      • Opcode Fuzzy Hash: 5bac80898893f819da892eafa1b2280d83d695dcd6f185d942b8f050583652b0
                                                      • Instruction Fuzzy Hash: DE512C74E012598FDB14CFA9C5805AEFBF2FF89304F2481AAD418AB315DB319942CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD6810 Relevance: .1, Instructions: 116COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7bae00d7faab8d5fd8d84b2085e97f853d565affe850cd7f0e2734936d104cf3
                                                      • Instruction ID: c80c013eda38380565990725e5174b83d9abb25eae4a79c1a6a08237094b899a
                                                      • Opcode Fuzzy Hash: 7bae00d7faab8d5fd8d84b2085e97f853d565affe850cd7f0e2734936d104cf3
                                                      • Instruction Fuzzy Hash: 0D41C732A54605CFC754CB69CA85A66BBF7EF85310B18C86BD05BCB760D234E981EF11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD6820 Relevance: .1, Instructions: 111COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 016a8a72bef676e2b87e686ec34d080cf93cf24bbe56ee80e0cd41ad2b8f45d3
                                                      • Instruction ID: 9c843647d9c40d9e541c0d23257e8f68e36990b8381fd2fc944066e13af63354
                                                      • Opcode Fuzzy Hash: 016a8a72bef676e2b87e686ec34d080cf93cf24bbe56ee80e0cd41ad2b8f45d3
                                                      • Instruction Fuzzy Hash: 9741B432A54615CFC754CB69CA85A67BBF7EF84310B18C82BD15BCB720D234E981EB11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD7380 Relevance: .1, Instructions: 109COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 56dc542bad63b3493de9d55502068a1d7c61ac8ba49b9e8bdb3418b31813a95e
                                                      • Instruction ID: 32ec38a271034044bbacc77a9b858f3f9bbed1104b99efd475cdd917e94a989b
                                                      • Opcode Fuzzy Hash: 56dc542bad63b3493de9d55502068a1d7c61ac8ba49b9e8bdb3418b31813a95e
                                                      • Instruction Fuzzy Hash: A141B832F182198FCB40DF69C8855AEFBB6EF99300B258127D809EB755D234C901EB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00FD7390 Relevance: .1, Instructions: 103COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1454300455.0000000000FD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00FD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_fd0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d2310e9e1faa3c4c4678cce116be2ff3c731959139d529c40cebf28329a867e9
                                                      • Instruction ID: 1c2082edd34b58740ff7946f986518b726cf9667f39916e182287549f8564a2d
                                                      • Opcode Fuzzy Hash: d2310e9e1faa3c4c4678cce116be2ff3c731959139d529c40cebf28329a867e9
                                                      • Instruction Fuzzy Hash: 34317232F18219CFCB40DF59C9855AEFBF6EB98300B298127D809EB755D274D901ABA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BBF48 Relevance: 5.2, Strings: 4, Instructions: 190COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$@$B$B
                                                      • API String ID: 0-685577651
                                                      • Opcode ID: 978ce583cafb549a453c62438fde71ed7acdfcc5697e85130f274f588f66c16c
                                                      • Instruction ID: 3cf054be524c2e9f5b2596908e798a8f0fc9de74fda03b80bf37e1995f3e367c
                                                      • Opcode Fuzzy Hash: 978ce583cafb549a453c62438fde71ed7acdfcc5697e85130f274f588f66c16c
                                                      • Instruction Fuzzy Hash: 5D519371B106058FCB14DF68C8C49AAB7F6FF89390714456AE519CB7A1DB31EC46CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0B2BBF37 Relevance: 5.1, Strings: 4, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000001.00000002.1465446950.000000000B2B0000.00000040.00000800.00020000.00000000.sdmp, Offset: 0B2B0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_1_2_b2b0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: @$@$B$B
                                                      • API String ID: 0-685577651
                                                      • Opcode ID: 94356df244b30671b836e81f5500d719cb89dc75737ac2927f1453928539af75
                                                      • Instruction ID: 1fa779107fa482191a03ad3f617b2111444449fe4259909c5b3c4008ce29c18f
                                                      • Opcode Fuzzy Hash: 94356df244b30671b836e81f5500d719cb89dc75737ac2927f1453928539af75
                                                      • Instruction Fuzzy Hash: 5C218B71A202168FCB14CF69C8C8CEABBF5EF8939471541A7E515CB2A1DB31D941CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:11%
                                                      Dynamic/Decrypted Code Coverage:100%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:22
                                                      Total number of Limit Nodes:4
                                                      execution_graph 24393 15e0848 24394 15e084e 24393->24394 24395 15e091b 24394->24395 24397 15e1382 24394->24397 24399 15e138a 24397->24399 24398 15e1480 24398->24394 24399->24398 24401 15e7090 24399->24401 24402 15e709a 24401->24402 24405 15e70d7 24402->24405 24408 65dd390 24402->24408 24412 65dd3a0 24402->24412 24403 15e70b4 24403->24405 24416 65de32f 24403->24416 24405->24399 24409 65dd39a 24408->24409 24410 65dd5c6 24409->24410 24411 65dd5e0 GlobalMemoryStatusEx 24409->24411 24410->24403 24411->24409 24413 65dd3b5 24412->24413 24414 65dd5c6 24413->24414 24415 65dd5e0 GlobalMemoryStatusEx 24413->24415 24414->24403 24415->24413 24417 65de2eb GlobalMemoryStatusEx 24416->24417 24419 65de336 24416->24419 24418 65de2fe 24417->24418 24418->24405 24419->24405 24419->24419

                                                      Executed Functions

                                                      Function 015ECE8E Relevance: 2.2, Instructions: 2211COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: daac8cdc105e5092cc2abfa95b3af4bda5e29133632745212c6d7b694851ee84
                                                      • Instruction ID: 2a775a553b8bc3944e1c4fab5f9a5286f15ee0944c9a22ab4e9b97351a5bbb50
                                                      • Opcode Fuzzy Hash: daac8cdc105e5092cc2abfa95b3af4bda5e29133632745212c6d7b694851ee84
                                                      • Instruction Fuzzy Hash: 57232C31D107198EDB15EF68C8846ADF7B1FF99300F14D69AE458AB211EB70EAC5CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E3E80 Relevance: 1.5, Strings: 1, Instructions: 238COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1012 15e3e80-15e3ee6 1014 15e3ee8-15e3ef3 1012->1014 1015 15e3f30-15e3f32 1012->1015 1014->1015 1017 15e3ef5-15e3f01 1014->1017 1016 15e3f34-15e3f8c 1015->1016 1026 15e3f8e-15e3f99 1016->1026 1027 15e3fd6-15e3fd8 1016->1027 1018 15e3f24-15e3f2e 1017->1018 1019 15e3f03-15e3f0d 1017->1019 1018->1016 1020 15e3f0f 1019->1020 1021 15e3f11-15e3f20 1019->1021 1020->1021 1021->1021 1023 15e3f22 1021->1023 1023->1018 1026->1027 1029 15e3f9b-15e3fa7 1026->1029 1028 15e3fda-15e3ff2 1027->1028 1036 15e403c-15e403e 1028->1036 1037 15e3ff4-15e3fff 1028->1037 1030 15e3fca-15e3fd4 1029->1030 1031 15e3fa9-15e3fb3 1029->1031 1030->1028 1033 15e3fb7-15e3fc6 1031->1033 1034 15e3fb5 1031->1034 1033->1033 1035 15e3fc8 1033->1035 1034->1033 1035->1030 1039 15e4040-15e408e 1036->1039 1037->1036 1038 15e4001-15e400d 1037->1038 1040 15e400f-15e4019 1038->1040 1041 15e4030-15e403a 1038->1041 1047 15e4094-15e40a2 1039->1047 1042 15e401d-15e402c 1040->1042 1043 15e401b 1040->1043 1041->1039 1042->1042 1045 15e402e 1042->1045 1043->1042 1045->1041 1048 15e40ab-15e410b 1047->1048 1049 15e40a4-15e40aa 1047->1049 1056 15e410d-15e4111 1048->1056 1057 15e411b-15e411f 1048->1057 1049->1048 1056->1057 1058 15e4113 1056->1058 1059 15e412f-15e4133 1057->1059 1060 15e4121-15e4125 1057->1060 1058->1057 1061 15e4135-15e4139 1059->1061 1062 15e4143-15e4147 1059->1062 1060->1059 1063 15e4127-15e412a call 15e0ab8 1060->1063 1061->1062 1064 15e413b-15e413e call 15e0ab8 1061->1064 1065 15e4149-15e414d 1062->1065 1066 15e4157-15e415b 1062->1066 1063->1059 1064->1062 1065->1066 1069 15e414f-15e4152 call 15e0ab8 1065->1069 1070 15e415d-15e4161 1066->1070 1071 15e416b-15e416f 1066->1071 1069->1066 1070->1071 1073 15e4163 1070->1073 1074 15e417f 1071->1074 1075 15e4171-15e4175 1071->1075 1073->1071 1077 15e4180 1074->1077 1075->1074 1076 15e4177 1075->1076 1076->1074 1077->1077
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \V@j
                                                      • API String ID: 0-2511403591
                                                      • Opcode ID: 506c09545457580a7439509f9b7fec4e08fcf42676a8a2b6427630bd99c67c57
                                                      • Instruction ID: d32183c583c834c9f8f8ee9ea4e17cded15bb3e84372cc056f9579986569fcf2
                                                      • Opcode Fuzzy Hash: 506c09545457580a7439509f9b7fec4e08fcf42676a8a2b6427630bd99c67c57
                                                      • Instruction Fuzzy Hash: DF915A71E003498FDF18CFA9C88979EBBF2BF88714F148529E425EB294DB749845CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E4A98 Relevance: .3, Instructions: 266COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0a555341ac72081551e4c5e543aeacafdcf03af214794c1d7f43a5924288deca
                                                      • Instruction ID: b1865cee637e3e58dfe453615c9c9aa37083ff61717fef7b364b526e40497557
                                                      • Opcode Fuzzy Hash: 0a555341ac72081551e4c5e543aeacafdcf03af214794c1d7f43a5924288deca
                                                      • Instruction Fuzzy Hash: F9B18F71E002098FDF18CFA9C9897DDBBF2BF88714F148529D819EB294EB749841CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E4810 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 49 15e4810-15e489c 52 15e489e-15e48a9 49->52 53 15e48e6-15e48e8 49->53 52->53 55 15e48ab-15e48b7 52->55 54 15e48ea-15e4902 53->54 62 15e494c-15e494e 54->62 63 15e4904-15e490f 54->63 56 15e48da-15e48e4 55->56 57 15e48b9-15e48c3 55->57 56->54 58 15e48c7-15e48d6 57->58 59 15e48c5 57->59 58->58 61 15e48d8 58->61 59->58 61->56 64 15e4950-15e4995 62->64 63->62 65 15e4911-15e491d 63->65 73 15e499b-15e49a9 64->73 66 15e491f-15e4929 65->66 67 15e4940-15e494a 65->67 69 15e492d-15e493c 66->69 70 15e492b 66->70 67->64 69->69 71 15e493e 69->71 70->69 71->67 74 15e49ab-15e49b1 73->74 75 15e49b2-15e4a0f 73->75 74->75 82 15e4a1f-15e4a23 75->82 83 15e4a11-15e4a15 75->83 85 15e4a25-15e4a29 82->85 86 15e4a33-15e4a37 82->86 83->82 84 15e4a17-15e4a1a call 15e0ab8 83->84 84->82 85->86 88 15e4a2b-15e4a2e call 15e0ab8 85->88 89 15e4a39-15e4a3d 86->89 90 15e4a47-15e4a4b 86->90 88->86 89->90 94 15e4a3f 89->94 91 15e4a4d-15e4a51 90->91 92 15e4a5b 90->92 91->92 95 15e4a53 91->95 96 15e4a5c 92->96 94->90 95->92 96->96
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \V@j$\V@j
                                                      • API String ID: 0-2365040983
                                                      • Opcode ID: a26385170c3df1895d143631ccbd34a6095ba96141464c5e161d455a8bbcda41
                                                      • Instruction ID: ee125c84a5296d6c166ade6a8775e9ef15888a24c2e139d1fcfb31697f8ec4b0
                                                      • Opcode Fuzzy Hash: a26385170c3df1895d143631ccbd34a6095ba96141464c5e161d455a8bbcda41
                                                      • Instruction Fuzzy Hash: F6717CB0E00349CFDB18DFA9C8887AEBBF2BF88714F148129E414EB250DB749841CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E4804 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 0 15e4804-15e489c 4 15e489e-15e48a9 0->4 5 15e48e6-15e48e8 0->5 4->5 7 15e48ab-15e48b7 4->7 6 15e48ea-15e4902 5->6 14 15e494c-15e494e 6->14 15 15e4904-15e490f 6->15 8 15e48da-15e48e4 7->8 9 15e48b9-15e48c3 7->9 8->6 10 15e48c7-15e48d6 9->10 11 15e48c5 9->11 10->10 13 15e48d8 10->13 11->10 13->8 16 15e4950-15e4962 14->16 15->14 17 15e4911-15e491d 15->17 24 15e4969-15e4995 16->24 18 15e491f-15e4929 17->18 19 15e4940-15e494a 17->19 21 15e492d-15e493c 18->21 22 15e492b 18->22 19->16 21->21 23 15e493e 21->23 22->21 23->19 25 15e499b-15e49a9 24->25 26 15e49ab-15e49b1 25->26 27 15e49b2-15e4a0f 25->27 26->27 34 15e4a1f-15e4a23 27->34 35 15e4a11-15e4a15 27->35 37 15e4a25-15e4a29 34->37 38 15e4a33-15e4a37 34->38 35->34 36 15e4a17-15e4a1a call 15e0ab8 35->36 36->34 37->38 40 15e4a2b-15e4a2e call 15e0ab8 37->40 41 15e4a39-15e4a3d 38->41 42 15e4a47-15e4a4b 38->42 40->38 41->42 46 15e4a3f 41->46 43 15e4a4d-15e4a51 42->43 44 15e4a5b 42->44 43->44 47 15e4a53 43->47 48 15e4a5c 44->48 46->42 47->44 48->48
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \V@j$\V@j
                                                      • API String ID: 0-2365040983
                                                      • Opcode ID: 2ad48f589e82a660978290a2104691fd18cd690f8b917122e019603a010dec9a
                                                      • Instruction ID: 9251bc2216c0637cb27c61ba664f22746513dc2e4e28efa8ef38a6a68d7091e3
                                                      • Opcode Fuzzy Hash: 2ad48f589e82a660978290a2104691fd18cd690f8b917122e019603a010dec9a
                                                      • Instruction Fuzzy Hash: A6715AB1E00349DFDB18DFA9D88979EBBF2BF88714F148129E414EB250DB749841CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 065DE32F Relevance: 1.7, APIs: 1, Instructions: 154COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 708 65de32f-65de334 709 65de2eb-65de2fc GlobalMemoryStatusEx 708->709 710 65de336-65de35e 708->710 711 65de2fe-65de304 709->711 712 65de305-65de32d 709->712 714 65de360-65de363 710->714 711->712 715 65de38b-65de38e 714->715 716 65de365-65de386 714->716 719 65de3ea-65de3ed 715->719 720 65de390-65de3e5 715->720 716->715 722 65de3ef-65de3f3 719->722 723 65de3fe-65de401 719->723 720->719 724 65de77e-65de7b6 722->724 725 65de3f9 722->725 726 65de421-65de424 723->726 727 65de403-65de416 723->727 766 65de7c8 724->766 767 65de7b8-65de7c6 724->767 725->723 732 65de44c-65de44f 726->732 733 65de426-65de447 726->733 730 65de41c 727->730 731 65de4a5-65de4ac 727->731 730->726 734 65de4b1-65de4b4 731->734 735 65de45d-65de460 732->735 736 65de451-65de458 732->736 733->732 739 65de4b6-65de4bd 734->739 740 65de4c0-65de4c3 734->740 741 65de480-65de483 735->741 742 65de462-65de47b call 65d1b54 735->742 736->735 744 65de4d9-65de4dc 740->744 745 65de4c5-65de4ce 740->745 746 65de485-65de49b 741->746 747 65de4a0-65de4a3 741->747 742->741 751 65de4ff-65de502 744->751 752 65de4de-65de4fa 744->752 745->733 763 65de4d4 745->763 746->747 747->731 747->734 759 65de51d-65de520 751->759 760 65de504-65de518 751->760 752->751 761 65de53d-65de540 759->761 762 65de522-65de538 759->762 760->759 770 65de54a-65de54d 761->770 771 65de542-65de547 761->771 762->761 763->744 774 65de7d0-65de7e2 766->774 767->774 776 65de54f-65de556 770->776 777 65de561-65de564 770->777 771->770 796 65de7f4 774->796 797 65de7e4-65de7f2 774->797 776->724 780 65de55c 776->780 781 65de566-65de5ae 777->781 782 65de5b3-65de5b6 777->782 780->777 781->782 785 65de5ce-65de5d1 782->785 786 65de5b8-65de5c9 782->786 788 65de5e8-65de5eb 785->788 789 65de5d3-65de5e3 785->789 786->785 790 65de5ed-65de60a 788->790 791 65de60f-65de612 788->791 789->788 790->791 798 65de62a-65de62d 791->798 799 65de614-65de625 791->799 806 65de7fc-65de863 796->806 797->806 801 65de62f-65de664 798->801 802 65de669-65de66c 798->802 799->798 801->802 807 65de66e-65de67b 802->807 808 65de680-65de683 802->808 833 65de86a-65de877 806->833 807->808 808->722 809 65de689-65de68b 808->809 812 65de68d 809->812 813 65de692-65de695 809->813 812->813 813->714 816 65de69b-65de6aa 813->816 821 65de766-65de77b 816->821 822 65de6b0-65de760 call 65d1b54 816->822 821->724 822->821 836 65de879-65de87e 833->836 837 65de884 833->837 836->837 839 65de885 837->839 839->839
                                                      APIs
                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 065DE2EF
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2627369273.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_65d0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: GlobalMemoryStatus
                                                      • String ID:
                                                      • API String ID: 1890195054-0
                                                      • Opcode ID: fbb5728c8cbb74310b0f7a5cbc79328e99030a1431019b01292dc96da6ff5575
                                                      • Instruction ID: 2f283fa5f9fcebfca6f42db56bb9c3159b51c312f4ab9302e9fbe9774307bb65
                                                      • Opcode Fuzzy Hash: fbb5728c8cbb74310b0f7a5cbc79328e99030a1431019b01292dc96da6ff5575
                                                      • Instruction Fuzzy Hash: CA51D035A102689FEF30DB69C8847ADB7A5FB85310F248129E405DF391CB74AC45CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 065DE1A1 Relevance: 1.6, APIs: 1, Instructions: 131COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 979 65de1a1-65de1bb 980 65de1bd-65de1e4 call 65dce50 979->980 981 65de1e5-65de204 call 65dce5c 979->981 987 65de20a-65de23d 981->987 988 65de206-65de209 981->988 993 65de23f-65de269 987->993 995 65de26f-65de284 993->995 996 65de26b-65de26e 993->996 995->993 998 65de286-65de2fc GlobalMemoryStatusEx 995->998 1001 65de2fe-65de304 998->1001 1002 65de305-65de32d 998->1002 1001->1002
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2627369273.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_65d0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b2ac84f36a46deb6201f4f0320294e15fc07951de448d1c48583c50082602cfa
                                                      • Instruction ID: 23b14aaf040aa57a375499eb88f4939d3986bd362199be5aafc9123673b1accb
                                                      • Opcode Fuzzy Hash: b2ac84f36a46deb6201f4f0320294e15fc07951de448d1c48583c50082602cfa
                                                      • Instruction Fuzzy Hash: AE413472D043868FDB15CFB9D8513DABBF5FF89210F14856AD414AB291DB389984CBD0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 065DE288 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1005 65de288-65de2e4 1007 65de2eb-65de2fc GlobalMemoryStatusEx 1005->1007 1008 65de2fe-65de304 1007->1008 1009 65de305-65de32d 1007->1009 1008->1009
                                                      APIs
                                                      • GlobalMemoryStatusEx.KERNELBASE ref: 065DE2EF
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2627369273.00000000065D0000.00000040.00000800.00020000.00000000.sdmp, Offset: 065D0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_65d0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID: GlobalMemoryStatus
                                                      • String ID:
                                                      • API String ID: 1890195054-0
                                                      • Opcode ID: 4062b852e76c9f0d0e48d4d9247505b911d372b1ac4bb5dd565a8d9a92513363
                                                      • Instruction ID: 9273b930430b35e4cd5aead11b0ddf52e462557d310d9c5db2310a52b549f09e
                                                      • Opcode Fuzzy Hash: 4062b852e76c9f0d0e48d4d9247505b911d372b1ac4bb5dd565a8d9a92513363
                                                      • Instruction Fuzzy Hash: AD1112B1C006599BDB10DFAAC845BDEFBF4BF48220F11812AE818A7241D378A940CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E3E74 Relevance: 1.5, Strings: 1, Instructions: 235COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 1078 15e3e74-15e3ee6 1081 15e3ee8-15e3ef3 1078->1081 1082 15e3f30-15e3f32 1078->1082 1081->1082 1084 15e3ef5-15e3f01 1081->1084 1083 15e3f34-15e3f8c 1082->1083 1093 15e3f8e-15e3f99 1083->1093 1094 15e3fd6-15e3fd8 1083->1094 1085 15e3f24-15e3f2e 1084->1085 1086 15e3f03-15e3f0d 1084->1086 1085->1083 1087 15e3f0f 1086->1087 1088 15e3f11-15e3f20 1086->1088 1087->1088 1088->1088 1090 15e3f22 1088->1090 1090->1085 1093->1094 1096 15e3f9b-15e3fa7 1093->1096 1095 15e3fda-15e3ff2 1094->1095 1103 15e403c-15e403e 1095->1103 1104 15e3ff4-15e3fff 1095->1104 1097 15e3fca-15e3fd4 1096->1097 1098 15e3fa9-15e3fb3 1096->1098 1097->1095 1100 15e3fb7-15e3fc6 1098->1100 1101 15e3fb5 1098->1101 1100->1100 1102 15e3fc8 1100->1102 1101->1100 1102->1097 1106 15e4040-15e4052 1103->1106 1104->1103 1105 15e4001-15e400d 1104->1105 1107 15e400f-15e4019 1105->1107 1108 15e4030-15e403a 1105->1108 1113 15e4059-15e408e 1106->1113 1109 15e401d-15e402c 1107->1109 1110 15e401b 1107->1110 1108->1106 1109->1109 1112 15e402e 1109->1112 1110->1109 1112->1108 1114 15e4094-15e40a2 1113->1114 1115 15e40ab-15e410b 1114->1115 1116 15e40a4-15e40aa 1114->1116 1123 15e410d-15e4111 1115->1123 1124 15e411b-15e411f 1115->1124 1116->1115 1123->1124 1125 15e4113 1123->1125 1126 15e412f-15e4133 1124->1126 1127 15e4121-15e4125 1124->1127 1125->1124 1128 15e4135-15e4139 1126->1128 1129 15e4143-15e4147 1126->1129 1127->1126 1130 15e4127-15e412a call 15e0ab8 1127->1130 1128->1129 1131 15e413b-15e413e call 15e0ab8 1128->1131 1132 15e4149-15e414d 1129->1132 1133 15e4157-15e415b 1129->1133 1130->1126 1131->1129 1132->1133 1136 15e414f-15e4152 call 15e0ab8 1132->1136 1137 15e415d-15e4161 1133->1137 1138 15e416b-15e416f 1133->1138 1136->1133 1137->1138 1140 15e4163 1137->1140 1141 15e417f 1138->1141 1142 15e4171-15e4175 1138->1142 1140->1138 1144 15e4180 1141->1144 1142->1141 1143 15e4177 1142->1143 1143->1141 1144->1144
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: \V@j
                                                      • API String ID: 0-2511403591
                                                      • Opcode ID: 29e6792e49ca19d261915bbf1df9354052d17076cd0f5ec13365902556882075
                                                      • Instruction ID: 1bdc8f1ae41691b3a561b09d335e3811a1e858b70a73b29d09a17f1832900cd9
                                                      • Opcode Fuzzy Hash: 29e6792e49ca19d261915bbf1df9354052d17076cd0f5ec13365902556882075
                                                      • Instruction Fuzzy Hash: 91914871E002498FDF19CFA9D88979EBBF2BF88714F148129E424EB294DB749845CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E790A Relevance: .6, Instructions: 554COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1138995447a8bd451378698fd14a0ec208a2a71e53fedf86c682930468d97fd1
                                                      • Instruction ID: 82f7469ab91d08e0e34a7d56d0942dc7b061bca3390a794535851263b5e48586
                                                      • Opcode Fuzzy Hash: 1138995447a8bd451378698fd14a0ec208a2a71e53fedf86c682930468d97fd1
                                                      • Instruction Fuzzy Hash: 42125F30B106169BDB3AEF38E89426D72A2FBC9750B105A68D505CF355CFB1EC46CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E0CC5 Relevance: .6, Instructions: 554COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 2636 15e0cc5-15e0cc9 2637 15e0ccb-15e0cd2 2636->2637 2638 15e0ca9 2636->2638 2640 15e7dc3-15e7dc6 2638->2640 2641 15e7dc8-15e7dee 2640->2641 2642 15e7df3-15e7df6 2640->2642 2641->2642 2643 15e7df8-15e7e1e 2642->2643 2644 15e7e23-15e7e26 2642->2644 2643->2644 2645 15e7e28-15e7e4e 2644->2645 2646 15e7e53-15e7e56 2644->2646 2645->2646 2648 15e7e58-15e7e7e 2646->2648 2649 15e7e83-15e7e86 2646->2649 2648->2649 2651 15e7e88-15e7eae 2649->2651 2652 15e7eb3-15e7eb6 2649->2652 2651->2652 2655 15e7eb8-15e7ede 2652->2655 2656 15e7ee3-15e7ee6 2652->2656 2655->2656 2660 15e7ee8-15e7f0e 2656->2660 2661 15e7f13-15e7f16 2656->2661 2660->2661 2664 15e7f18-15e7f3e 2661->2664 2665 15e7f43-15e7f46 2661->2665 2664->2665 2670 15e7f48-15e7f6e 2665->2670 2671 15e7f73-15e7f76 2665->2671 2670->2671 2674 15e7f78-15e7f9e 2671->2674 2675 15e7fa3-15e7fa6 2671->2675 2674->2675 2680 15e7fa8-15e7fce 2675->2680 2681 15e7fd3-15e7fd6 2675->2681 2680->2681 2684 15e7fd8-15e7ffe 2681->2684 2685 15e8003-15e8006 2681->2685 2684->2685 2690 15e8008-15e802e 2685->2690 2691 15e8033-15e8036 2685->2691 2690->2691 2694 15e8038-15e805e 2691->2694 2695 15e8063-15e8066 2691->2695 2694->2695 2700 15e8068-15e808e 2695->2700 2701 15e8093-15e8096 2695->2701 2700->2701 2704 15e8098-15e80be 2701->2704 2705 15e80c3-15e80c6 2701->2705 2704->2705 2710 15e80c8 2705->2710 2711 15e80d3-15e80d5 2705->2711 2722 15e80ce 2710->2722 2717 15e80dc-15e80df 2711->2717 2718 15e80d7 2711->2718 2720 15e80e5-15e80eb 2717->2720 2721 15e7921-15e7924 2717->2721 2718->2717 2724 15e7926-15e793c 2721->2724 2725 15e7941-15e7944 2721->2725 2722->2711 2724->2725 2729 15e7946-15e796c 2725->2729 2730 15e7971-15e7974 2725->2730 2729->2730 2731 15e7976-15e799c 2730->2731 2732 15e79a1-15e79a4 2730->2732 2731->2732 2735 15e79a6-15e79cc 2732->2735 2736 15e79d1-15e79d4 2732->2736 2735->2736 2738 15e79d6-15e79fc 2736->2738 2739 15e7a01-15e7a04 2736->2739 2738->2739 2742 15e7a06-15e7a2c 2739->2742 2743 15e7a31-15e7a34 2739->2743 2742->2743 2746 15e7a36-15e7a5c 2743->2746 2747 15e7a61-15e7a64 2743->2747 2746->2747 2750 15e7a66-15e7a8c 2747->2750 2751 15e7a91-15e7a94 2747->2751 2750->2751 2755 15e7a96-15e7abc 2751->2755 2756 15e7ac1-15e7ac4 2751->2756 2755->2756 2760 15e7ac6-15e7aec 2756->2760 2761 15e7af1-15e7af4 2756->2761 2760->2761 2765 15e7af6-15e7af8 2761->2765 2766 15e7b05-15e7b08 2761->2766 2853 15e7afa call 15e9203 2765->2853 2854 15e7afa call 15e9150 2765->2854 2855 15e7afa call 15e9160 2765->2855 2770 15e7b0a-15e7b30 2766->2770 2771 15e7b35-15e7b38 2766->2771 2770->2771 2778 15e7b3a-15e7b60 2771->2778 2779 15e7b65-15e7b68 2771->2779 2775 15e7b00 2775->2766 2778->2779 2780 15e7b6a-15e7b90 2779->2780 2781 15e7b95-15e7b98 2779->2781 2780->2781 2786 15e7b9a-15e7bc0 2781->2786 2787 15e7bc5-15e7bc8 2781->2787 2786->2787 2789 15e7bca-15e7bf0 2787->2789 2790 15e7bf5-15e7bf8 2787->2790 2789->2790 2795 15e7bfa-15e7c0e 2790->2795 2796 15e7c13-15e7c16 2790->2796 2795->2796 2798 15e7c18-15e7c3e 2796->2798 2799 15e7c43-15e7c46 2796->2799 2798->2799 2805 15e7c48-15e7c6e 2799->2805 2806 15e7c73-15e7c76 2799->2806 2805->2806 2808 15e7c78-15e7c9e 2806->2808 2809 15e7ca3-15e7ca6 2806->2809 2808->2809 2815 15e7ca8-15e7cce 2809->2815 2816 15e7cd3-15e7cd6 2809->2816 2815->2816 2818 15e7cd8-15e7cfe 2816->2818 2819 15e7d03-15e7d06 2816->2819 2818->2819 2823 15e7d08-15e7d2e 2819->2823 2824 15e7d33-15e7d36 2819->2824 2823->2824 2827 15e7d38-15e7d5e 2824->2827 2828 15e7d63-15e7d66 2824->2828 2827->2828 2833 15e7d68-15e7d8e 2828->2833 2834 15e7d93-15e7d96 2828->2834 2833->2834 2834->2640 2837 15e7d98-15e7dbe 2834->2837 2837->2640 2853->2775 2854->2775 2855->2775
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 250a6226dfe36d6d244ef0de74aeed9ad029b6b11177e3daab94338b860c8847
                                                      • Instruction ID: 7ba233b9c1977b804bffdbe7591b914c99b004242b4811394c376713244b6908
                                                      • Opcode Fuzzy Hash: 250a6226dfe36d6d244ef0de74aeed9ad029b6b11177e3daab94338b860c8847
                                                      • Instruction Fuzzy Hash: FE125D30B106169BDB3AEF38E89426D72A2FBC9B50B105A68D505CF355CFB1EC46CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E9364 Relevance: .4, Instructions: 373COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 27e023132a1b1b1061180efecc9716799bead8ecc47920882088dd75c6479226
                                                      • Instruction ID: c6907c6638dc85e9b421cc577365c5594866fcd9311fa3259d35b3b9588e9ed4
                                                      • Opcode Fuzzy Hash: 27e023132a1b1b1061180efecc9716799bead8ecc47920882088dd75c6479226
                                                      • Instruction Fuzzy Hash: 73D17D34E002089FDB19DF68D494AAEBBF2FB89714F248469E906EB391DB74DC41CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E96E0 Relevance: .4, Instructions: 350COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5b1f7f562d7ea892c845a65355c96a7a80d094791232ea5af8a1a377de71cf93
                                                      • Instruction ID: fd6c6abc166afc4bf91638d02a93e3b19a9cd6eee910f2f29bfae5014144a684
                                                      • Opcode Fuzzy Hash: 5b1f7f562d7ea892c845a65355c96a7a80d094791232ea5af8a1a377de71cf93
                                                      • Instruction Fuzzy Hash: 33C18C75E002058FDB18DF68D8847AEBBF2FB85314F208569D909EB395D774D844CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E4A8C Relevance: .3, Instructions: 261COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 14092dca40893ca3fa2543d103a2e2435ce61bdcbe516592382f54a5364055bd
                                                      • Instruction ID: 7cbec60a89a8bff3d332f416ae1ccac3ba908bd28bf2d1cb81af8fb190697d29
                                                      • Opcode Fuzzy Hash: 14092dca40893ca3fa2543d103a2e2435ce61bdcbe516592382f54a5364055bd
                                                      • Instruction Fuzzy Hash: 5EA16D71E002098FDF18CFA8D9897DDBBF1BF88714F148529D819EB294EB759841CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E6ED7 Relevance: .2, Instructions: 157COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 34926bff6cb87094b62192a12102e4c5722645207d1fed4b46d28797764136f6
                                                      • Instruction ID: 5cfe0873f61d88aaacbc19bd0614c0e15bd096978d7b9b33ce03b575aacef600
                                                      • Opcode Fuzzy Hash: 34926bff6cb87094b62192a12102e4c5722645207d1fed4b46d28797764136f6
                                                      • Instruction Fuzzy Hash: 3351A231E002099FDB19DF68C85879EBBF2FF89350F20846AE411EF291DB759845CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E6CDD Relevance: .1, Instructions: 137COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 30ea717b11a9984260a05fb09e9ab633cc1e47fb712690f2da0777edfe5c8d36
                                                      • Instruction ID: cdd99181bc219e2ebe3649370856a019e7cbf9b3fbbe78661bee7006d48bd8b1
                                                      • Opcode Fuzzy Hash: 30ea717b11a9984260a05fb09e9ab633cc1e47fb712690f2da0777edfe5c8d36
                                                      • Instruction Fuzzy Hash: 86512271D002188FDB18CFA9C888BDEBBF1FF58710F548169E815AB391D775A844CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E6CE8 Relevance: .1, Instructions: 132COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 433f63420402fa394a1ccdd07b6250e7a267eb48cb2d1883ed346ccf4d189daf
                                                      • Instruction ID: 2aa8d61671af182da2d847bdf145c71baeafd515e41045c76df905c262552555
                                                      • Opcode Fuzzy Hash: 433f63420402fa394a1ccdd07b6250e7a267eb48cb2d1883ed346ccf4d189daf
                                                      • Instruction Fuzzy Hash: A9510271D002188FDB18CFA9C888B9EBBF1BF58710F548529E815BB391DB74A844CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E112A Relevance: .1, Instructions: 117COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 78bed9fb8a38039bf07a0e8107284fa876192aaa7af470a9f3c410b99923e30e
                                                      • Instruction ID: a46708ec5428ba58d6e54c7d95b7dd20fc53b21f018ed3cd94180272e268d7a8
                                                      • Opcode Fuzzy Hash: 78bed9fb8a38039bf07a0e8107284fa876192aaa7af470a9f3c410b99923e30e
                                                      • Instruction Fuzzy Hash: FF51307D5032A29FDF06FB2AF981A543BB6F7D67047408B69D2044B22EDBB07905DB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015EF2CD Relevance: .1, Instructions: 113COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f7a09aab15da034a902369b956713f0b00402808cdda5b2f3a9692715264e500
                                                      • Instruction ID: 0cdb6e8f0f8225729b05308fa8828e9e8006924ce1ab3e0c1044f96f406ce5b3
                                                      • Opcode Fuzzy Hash: f7a09aab15da034a902369b956713f0b00402808cdda5b2f3a9692715264e500
                                                      • Instruction Fuzzy Hash: CA31FF30B002089BDB1A9A38D5686AE7BE2BBC8B50F64446ED406DB385DF35CC46C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E1138 Relevance: .1, Instructions: 112COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2d5ba9d241f5a6fc4353b3717758962b7e1bf3cf49049d9518919a3d67d1cbe9
                                                      • Instruction ID: 3432a317dd31b1d375fa8f0e70d6d003c347c637f1effaaabcd83df886bf93e9
                                                      • Opcode Fuzzy Hash: 2d5ba9d241f5a6fc4353b3717758962b7e1bf3cf49049d9518919a3d67d1cbe9
                                                      • Instruction Fuzzy Hash: 15510E7D6032A29FDF06FB2AF981A543BB5F7D57047408B69D2004B22EDBB07905DB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015EF190 Relevance: .1, Instructions: 97COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 76c5b39d5f5a0b700a7ddeb1b2ac8c42cb5b772f776d575a7944020a6ca649a6
                                                      • Instruction ID: 3c408c63aeb94f0a0381a26c187e619e4810033a6e42ea8e2bd4b9dc3db88ff4
                                                      • Opcode Fuzzy Hash: 76c5b39d5f5a0b700a7ddeb1b2ac8c42cb5b772f776d575a7944020a6ca649a6
                                                      • Instruction Fuzzy Hash: D6316135E102099BDB19CFA9D89569EBBF2FF89300F108919E805EB340DF71E982CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E6F78 Relevance: .1, Instructions: 95COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3b41a56028e292a6df0be8f732843604a115729b82c3deba130ba25fc76a8fbd
                                                      • Instruction ID: 095edf7d123757404350f71c3f574a5c9be6c70e43c1b00ad6424e22327f908e
                                                      • Opcode Fuzzy Hash: 3b41a56028e292a6df0be8f732843604a115729b82c3deba130ba25fc76a8fbd
                                                      • Instruction Fuzzy Hash: 50318134E10219CBDB19CFA8C85479EBBF2FF89350F208566E411FB244EB71A941CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E26DE Relevance: .1, Instructions: 94COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c9419a9a8a3bce728fb25e4226676ce44b04403dbc81f16be370c1fd82aeadb8
                                                      • Instruction ID: 587bafec5524a4bc5f28b516c1f679123b0a17d07a045b33bee5c70ca4ed5780
                                                      • Opcode Fuzzy Hash: c9419a9a8a3bce728fb25e4226676ce44b04403dbc81f16be370c1fd82aeadb8
                                                      • Instruction Fuzzy Hash: 4841F275D003489FEB14DFA9C884ADEBBF9FF48310F248429E419AB254DB75A945CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015EF1A0 Relevance: .1, Instructions: 91COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 018b4ab4fae59a3852eb1ec4c826f9c5b6bf03d6995744b4173af72f32f64673
                                                      • Instruction ID: 430785c36d6edb2c036e561d58947ca9731135350985da292cd89c1adbe75d18
                                                      • Opcode Fuzzy Hash: 018b4ab4fae59a3852eb1ec4c826f9c5b6bf03d6995744b4173af72f32f64673
                                                      • Instruction Fuzzy Hash: CE314235E106199BDB19CFA9D89469EBBF2FF89300F108519E805EB350DF71AD82CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E5097 Relevance: .1, Instructions: 91COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dd014b845c749ef105a731658c11a5d308d7b54c549642fdda78d1d86224f9a3
                                                      • Instruction ID: e1d8eb810938f58dfc168a7207ef12bb1a9443f58414f0cb927e5781695ef8df
                                                      • Opcode Fuzzy Hash: dd014b845c749ef105a731658c11a5d308d7b54c549642fdda78d1d86224f9a3
                                                      • Instruction Fuzzy Hash: D5315038A112158FDB1DEB38C8586AE7BF2BF89348F1005A8C541AF355EB36DC41CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E26E8 Relevance: .1, Instructions: 90COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e4123d2c5d5a8199eb2646957a3de2381f0b617b6fd8ff943ca7b3a7c990f32c
                                                      • Instruction ID: 67686e6058b08d95120b449f5ce6fcd547be75bd9df9d60fa7c2d959b10e8f23
                                                      • Opcode Fuzzy Hash: e4123d2c5d5a8199eb2646957a3de2381f0b617b6fd8ff943ca7b3a7c990f32c
                                                      • Instruction Fuzzy Hash: A941EFB4D003489FEB14DFA9C884ADEBBF9FF48310F10842AE419AB254DB75A945CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E50A8 Relevance: .1, Instructions: 89COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dd3a09d69705f5127e13b2550f2eda1569ebd9809b45dca7758378f5b4f19eaa
                                                      • Instruction ID: 9043f01856f3fe5347ed59f2539f08b48f0a0c6d237841757bbddad5a7cdbd62
                                                      • Opcode Fuzzy Hash: dd3a09d69705f5127e13b2550f2eda1569ebd9809b45dca7758378f5b4f19eaa
                                                      • Instruction Fuzzy Hash: A7314D38B012168FDB1DEB38C95869E7BF2BB89648F100568D502AB394EF36DC41CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E9250 Relevance: .1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3e369f969ebf3e9c59eb3f8dbf03e896ede5de05d843c67f764a3ae66740d0d1
                                                      • Instruction ID: c778f469dd800e38953d3a64a4f5e9c57d51d1ffc685ba1235dce5e8440c86a7
                                                      • Opcode Fuzzy Hash: 3e369f969ebf3e9c59eb3f8dbf03e896ede5de05d843c67f764a3ae66740d0d1
                                                      • Instruction Fuzzy Hash: E9319831E002099BDF09CFA9D49469EF7F2FF89314F248619E805EB341DB719942CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E9260 Relevance: .1, Instructions: 78COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 50e44ddc8b049453d8d800c8088c98f16dd9abf2267f0f2eff74796582833dfe
                                                      • Instruction ID: 1cb3c85f3018ab3adcc928dd63b7967aecb7aa53c2af882208d3ad6373ab5bca
                                                      • Opcode Fuzzy Hash: 50e44ddc8b049453d8d800c8088c98f16dd9abf2267f0f2eff74796582833dfe
                                                      • Instruction Fuzzy Hash: 53216531E102199BDF09CFA9D49469EF7F2FF89304F208619E805EB341DB719986CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E1382 Relevance: .1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9443431808f0466cd1816e7f604abd1609c2bd8207f8c4b3151fed638954dcf2
                                                      • Instruction ID: 0d8351c72c64f93b026436a2cac150b12159c2f961d54bb5cad5e7ad85cd5168
                                                      • Opcode Fuzzy Hash: 9443431808f0466cd1816e7f604abd1609c2bd8207f8c4b3151fed638954dcf2
                                                      • Instruction Fuzzy Hash: 6121A134E01A114BEB3B5A28ECCC76D36E5F746326F101869E406CB386DA788C858742
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E9150 Relevance: .1, Instructions: 73COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a130edf631c4c31716004eefa762740ce6106c9f07a7bda9f625979f63ad9ae7
                                                      • Instruction ID: a6d3a9063d6c51f68f7b406583082fa8acfc1271bc6a34ea127382d175f6ca1c
                                                      • Opcode Fuzzy Hash: a130edf631c4c31716004eefa762740ce6106c9f07a7bda9f625979f63ad9ae7
                                                      • Instruction Fuzzy Hash: 75217171E002059BDF1DCFA4D4585DEB7F2BF89304F20851AE811AB351EBB19941CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E169F Relevance: .1, Instructions: 73COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6a1050e2efd3ca309b6018b38d8a5cb96dec367979c93099e9cc4c6a36dd056a
                                                      • Instruction ID: e316913a2dda7c597fcd25c12cd6370254eb99e71ea7a8e02ced846ce5c2e494
                                                      • Opcode Fuzzy Hash: 6a1050e2efd3ca309b6018b38d8a5cb96dec367979c93099e9cc4c6a36dd056a
                                                      • Instruction Fuzzy Hash: 8F214178A006105FEF26EB3DEC88B6E3796F7C5B54F104625D006CF25AEB7498458B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E4F8A Relevance: .1, Instructions: 73COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 75a590c0243dc201ded89a64b5cf03c9e73dba5013dd336e604a504f30629477
                                                      • Instruction ID: ec88d7d7c4596c68d55222a89dcf3d48d5a8dcb1d1040ac19a903ac1201fbe80
                                                      • Opcode Fuzzy Hash: 75a590c0243dc201ded89a64b5cf03c9e73dba5013dd336e604a504f30629477
                                                      • Instruction Fuzzy Hash: 3E215A34B002058FDB18EB79C958B9E7BF1FB89704F100468E406EB3A4EB769D00CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0134D030 Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2609589754.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_134d000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1acc63635e5584ebecb4b93562be9e82b20510da55d87ea1cc39af9e1b59678e
                                                      • Instruction ID: 3ec2a91993c9081c38d2974958046cfabd78aad2f7a191d1feb64f1f58e1fb3e
                                                      • Opcode Fuzzy Hash: 1acc63635e5584ebecb4b93562be9e82b20510da55d87ea1cc39af9e1b59678e
                                                      • Instruction Fuzzy Hash: DD2134B1604304EFDB11DF94D9C0B26BBE5FB94318F20C56DE8090B646C336E447CA62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E9160 Relevance: .1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8439e9a9aff8d6e7b8bd8c5dfe3a0cad2b2924dcfab6fa338be0884d59fa0786
                                                      • Instruction ID: 2806f16d2e800692f0dc5fa7e901451106792a0b378fefa6ee8d9d44b891713c
                                                      • Opcode Fuzzy Hash: 8439e9a9aff8d6e7b8bd8c5dfe3a0cad2b2924dcfab6fa338be0884d59fa0786
                                                      • Instruction Fuzzy Hash: A2216D31E002099BDF0DCFA9D85859EF7F6BF89304F20861AE815AB340EBB09941CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E16B0 Relevance: .1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3d63a7284bdb08c30d131f099bd35b1e3442d6d1f87ee17b2f0a73e3ce8b6a83
                                                      • Instruction ID: fec26eb48ab9f4cab5da601711d80ef0cabd64222b0a986a0ac1c91189e9e3a5
                                                      • Opcode Fuzzy Hash: 3d63a7284bdb08c30d131f099bd35b1e3442d6d1f87ee17b2f0a73e3ce8b6a83
                                                      • Instruction Fuzzy Hash: B1211278A005105FEF26EB3DECC8B6D3796F7C5B54F104A25D006CF25AEB7498458B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E1878 Relevance: .1, Instructions: 68COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 19da8be72fc992c7f980baba1527711e7d5d6230fadcb6d27192c67bbbb65baa
                                                      • Instruction ID: db3671d535a941d0d967833e8b2c0c4c2e1edbcd12b6526416f95b560fd7f176
                                                      • Opcode Fuzzy Hash: 19da8be72fc992c7f980baba1527711e7d5d6230fadcb6d27192c67bbbb65baa
                                                      • Instruction Fuzzy Hash: FE218E31B046158FDB59EB38C9987AE7BF2BF89240B100568C506DF255EB369D41CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E4F98 Relevance: .1, Instructions: 68COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c10f415b0fd0182000df97d9dd30c6f6bcb22047d037b8f6e8d8b40ee3648ab5
                                                      • Instruction ID: cc4a9764394a8eec96994b2d8590168f41d237d6c2a8ec1ec1128eff254a28c6
                                                      • Opcode Fuzzy Hash: c10f415b0fd0182000df97d9dd30c6f6bcb22047d037b8f6e8d8b40ee3648ab5
                                                      • Instruction Fuzzy Hash: E4211934B002158FDB58EB79C95CAAE7BF5FB89704F104468E506EB365EB769D00CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E0848 Relevance: .1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 64c9bec3b7a9ef4c88d5e0e45faebd143276798ea2c9e26bc5511369f2e59763
                                                      • Instruction ID: d0daca476743802a4f1216d54cdc1f51c7ba3edc7915b306794186a81e08888c
                                                      • Opcode Fuzzy Hash: 64c9bec3b7a9ef4c88d5e0e45faebd143276798ea2c9e26bc5511369f2e59763
                                                      • Instruction Fuzzy Hash: 64114270F082185BDF6E6A7DC85876D72D5FB85614F504939F006CF296DAA1CC468BC1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E0838 Relevance: .1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2100b2fb52634531f410d46c0907dfa2568a7b347a36ff06aa3530308f2cb4f7
                                                      • Instruction ID: b50cf9606d065437ce063486a4b2ddc1506840e845d409b10f30e10acafdfbae
                                                      • Opcode Fuzzy Hash: 2100b2fb52634531f410d46c0907dfa2568a7b347a36ff06aa3530308f2cb4f7
                                                      • Instruction Fuzzy Hash: 34114C70F082185BEF2A6A69C85836E32D5F781624F548939F406DF2C6DAA5C8868BC1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E1888 Relevance: .1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8604ec3db640c96fc7988310665aa59c559973eb1aba13045000ce8c239dbeef
                                                      • Instruction ID: a0cef7a840881b3550f90fa0dd4ac01c19b997982d2998d5ed48aec1964e494f
                                                      • Opcode Fuzzy Hash: 8604ec3db640c96fc7988310665aa59c559973eb1aba13045000ce8c239dbeef
                                                      • Instruction Fuzzy Hash: BE116730B006158FDB59EB78C998BAE7BF2BB89240B100578C506EF354EF369D41CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E17C2 Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 467d3fd2ca54a44f7129c5909d6c13b9cdcc7bbe497df9c44feeadc36edcbd7d
                                                      • Instruction ID: cc64f54c72ddfc5c69888ab6e8d52ce8560f8dd3b4ef984ab828ce998b5f3ae1
                                                      • Opcode Fuzzy Hash: 467d3fd2ca54a44f7129c5909d6c13b9cdcc7bbe497df9c44feeadc36edcbd7d
                                                      • Instruction Fuzzy Hash: E611C875F016259FCF24AF799C4876E7BE9FB88660F104936D906E7344EB38D8118790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E6BA1 Relevance: .1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8ded21cf288cb5267d251522442bfd1ec48c8fd7acb9cad88b054afa182e3a4b
                                                      • Instruction ID: a4a89f3172698b217c95b2c83258c5bda97e138baec070444f87b8197703b258
                                                      • Opcode Fuzzy Hash: 8ded21cf288cb5267d251522442bfd1ec48c8fd7acb9cad88b054afa182e3a4b
                                                      • Instruction Fuzzy Hash: 1C11E1317046448FC315AB78D8507AEBBA6EF8A711F2484AED109CB291DE368C46C7A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E1488 Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ffa296577acf4d3a151f5ebff8ac726fde03ccdb364086ef4d88754df26b6918
                                                      • Instruction ID: 544f4ebcab175dff9ec4a352f39ea077829cff6d2674c82017f5af09fecc4cec
                                                      • Opcode Fuzzy Hash: ffa296577acf4d3a151f5ebff8ac726fde03ccdb364086ef4d88754df26b6918
                                                      • Instruction Fuzzy Hash: 81118671F107268BCF19EFBC849859EBBF5FB48214F14047AE815EB341E635C8418B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E1498 Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ea6db7977c6a003bc2fdce10818a104471a7e5f5877f0d4af8867285d033124a
                                                      • Instruction ID: dc43994ac8358fcd1fdf51a51fdf4d75137fbf5ae46c1613ed31c0515fad4e97
                                                      • Opcode Fuzzy Hash: ea6db7977c6a003bc2fdce10818a104471a7e5f5877f0d4af8867285d033124a
                                                      • Instruction Fuzzy Hash: AE012171F006269BCF19EFB8849859E7BF5FB48214F14047AD415EB341E635C8418B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0134D02B Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2609589754.000000000134D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0134D000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_134d000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fb11cfc8073ccb158cd0f42583cdb3ded50e3effa001a3c93aefd0de24dc37f6
                                                      • Instruction ID: 07c1e847f8eeb2ae61adf6bf31d48b6c3226d81f154c94f92a81979625c3129f
                                                      • Opcode Fuzzy Hash: fb11cfc8073ccb158cd0f42583cdb3ded50e3effa001a3c93aefd0de24dc37f6
                                                      • Instruction Fuzzy Hash: FD11BB75504280CFCB12CF54D9C4B15BBA1FB84318F28C6AAD8494B656C33AE44ACB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E80F1 Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d4920fc1e9afc12569592cbb8ff216e00c85d554b7e8ff0e6dd874105ef0f04e
                                                      • Instruction ID: 95b93dc3dcc9f75b1374f887cdd0c03d17d2684e38bbef770ea2c03427c75a67
                                                      • Opcode Fuzzy Hash: d4920fc1e9afc12569592cbb8ff216e00c85d554b7e8ff0e6dd874105ef0f04e
                                                      • Instruction Fuzzy Hash: 30016234910209AFDF05EFA8F9916EE77B1EBC0B10F5046A9C4049B244EB716A459BA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E1524 Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 24a47219a7fb984f07e8e7793a6649bbeba9f6160270932a7438a29c0d781b9b
                                                      • Instruction ID: 82f4808e14ec78049de2a8f0ae4634a1c2f09df80633163de13b4fea38ff83ba
                                                      • Opcode Fuzzy Hash: 24a47219a7fb984f07e8e7793a6649bbeba9f6160270932a7438a29c0d781b9b
                                                      • Instruction Fuzzy Hash: 11F0F032E04A20CFDB268BE888D81ACBBE1FAA812175C4097D846DF341D235D8028F11
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E7090 Relevance: .0, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 14b9436869a1146e81335629af25a5f9cc8b793c2fddaf9f6e16db1a55d735f4
                                                      • Instruction ID: 23d1e0cab4d6cf534539653db0bd31a10731c64a4e79d295c41448a30dcb5b62
                                                      • Opcode Fuzzy Hash: 14b9436869a1146e81335629af25a5f9cc8b793c2fddaf9f6e16db1a55d735f4
                                                      • Instruction Fuzzy Hash: BFF0B639B005148FD714DB68D958A6D77B2EB89715F1081A4E5069B3A8CB35AD42CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 015E8100 Relevance: .0, Instructions: 33COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 00000009.00000002.2611660970.00000000015E0000.00000040.00000800.00020000.00000000.sdmp, Offset: 015E0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_9_2_15e0000_e-dekont_html.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e78efb3ddc2db05dfc9384193d85ce51ee9b15e83ac8400ed108ef8d8e8dea62
                                                      • Instruction ID: ffc88f9dfc7ee8dc8d006d0612068bf3d4f70849acb27472d15fa612e066eff7
                                                      • Opcode Fuzzy Hash: e78efb3ddc2db05dfc9384193d85ce51ee9b15e83ac8400ed108ef8d8e8dea62
                                                      • Instruction Fuzzy Hash: 7FF03134910209AFDF45FFA8F9905AD77B1EBC0B10F5047A9C4049B254EB712E459B92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Execution Graph

                                                      Execution Coverage:11.5%
                                                      Dynamic/Decrypted Code Coverage:99%
                                                      Signature Coverage:0%
                                                      Total number of Nodes:307
                                                      Total number of Limit Nodes:14
                                                      execution_graph 77309 9ed01c 77310 9ed034 77309->77310 77311 9ed08e 77310->77311 77316 4cc8648 77310->77316 77320 4cc7254 77310->77320 77330 4cc8643 77310->77330 77334 4cc93ac 77310->77334 77317 4cc866e 77316->77317 77318 4cc7254 CallWindowProcW 77317->77318 77319 4cc868f 77318->77319 77319->77311 77321 4cc725f 77320->77321 77322 4cc9419 77321->77322 77324 4cc9409 77321->77324 77325 4cc9417 77322->77325 77369 4cc737c 77322->77369 77345 4cc9533 77324->77345 77350 4cc960c 77324->77350 77356 4cc95e8 77324->77356 77364 4cc9540 77324->77364 77331 4cc866e 77330->77331 77332 4cc7254 CallWindowProcW 77331->77332 77333 4cc868f 77332->77333 77333->77311 77335 4cc937d 77334->77335 77337 4cc93b3 77334->77337 77335->77311 77336 4cc9419 77338 4cc737c CallWindowProcW 77336->77338 77340 4cc9417 77336->77340 77337->77336 77339 4cc9409 77337->77339 77338->77340 77341 4cc960c CallWindowProcW 77339->77341 77342 4cc95e8 CallWindowProcW 77339->77342 77343 4cc9540 CallWindowProcW 77339->77343 77344 4cc9533 CallWindowProcW 77339->77344 77341->77340 77342->77340 77343->77340 77344->77340 77346 4cc9554 77345->77346 77348 4cc95e8 CallWindowProcW 77346->77348 77373 4cc95f8 77346->77373 77347 4cc95e0 77347->77325 77348->77347 77351 4cc95ca 77350->77351 77352 4cc961a 77350->77352 77354 4cc95e8 CallWindowProcW 77351->77354 77355 4cc95f8 CallWindowProcW 77351->77355 77353 4cc95e0 77353->77325 77354->77353 77355->77353 77357 4cc95f3 77356->77357 77359 4cc95bd 77356->77359 77358 4cc9609 77357->77358 77361 4ccaa3f CallWindowProcW 77357->77361 77358->77325 77362 4cc95e8 CallWindowProcW 77359->77362 77363 4cc95f8 CallWindowProcW 77359->77363 77360 4cc95e0 77360->77325 77361->77358 77362->77360 77363->77360 77366 4cc9554 77364->77366 77365 4cc95e0 77365->77325 77367 4cc95e8 CallWindowProcW 77366->77367 77368 4cc95f8 CallWindowProcW 77366->77368 77367->77365 77368->77365 77370 4cc7387 77369->77370 77371 4ccaafa CallWindowProcW 77370->77371 77372 4ccaaa9 77370->77372 77371->77372 77372->77325 77374 4cc9609 77373->77374 77376 4ccaa3f 77373->77376 77374->77347 77377 4cc737c CallWindowProcW 77376->77377 77378 4ccaa4a 77377->77378 77378->77374 77022 a49ca0 77023 a49caa 77022->77023 77024 a49d2a 77023->77024 77026 a44cf4 77023->77026 77027 a44cff 77026->77027 77030 a4cf18 77027->77030 77029 a4d6ae 77029->77023 77031 a4cf23 77030->77031 77034 a4cf48 77031->77034 77033 a4d9ed 77033->77029 77035 a4cf53 77034->77035 77038 a4cf78 77035->77038 77037 a4dac2 77037->77033 77039 a4cf83 77038->77039 77042 a4cfa8 77039->77042 77041 a4dbc5 77041->77037 77044 a4cfb3 77042->77044 77043 a4efe9 77043->77041 77044->77043 77047 4cc39f8 77044->77047 77053 4cc39e9 77044->77053 77048 4cc3a19 77047->77048 77049 4cc3a3d 77048->77049 77059 4cc3c0b 77048->77059 77064 4cc3ba3 77048->77064 77068 4cc3ba8 77048->77068 77049->77043 77054 4cc3a19 77053->77054 77055 4cc3a3d 77054->77055 77056 4cc3ba8 2 API calls 77054->77056 77057 4cc3c0b 2 API calls 77054->77057 77058 4cc3ba3 2 API calls 77054->77058 77055->77043 77056->77055 77057->77055 77058->77055 77060 4cc3c0f 77059->77060 77061 4cc3bd8 77059->77061 77060->77049 77062 4cc3bef 77061->77062 77072 4cc3710 77061->77072 77062->77049 77065 4cc3bb5 77064->77065 77066 4cc3710 2 API calls 77065->77066 77067 4cc3bef 77065->77067 77066->77067 77067->77049 77069 4cc3bb5 77068->77069 77070 4cc3bef 77069->77070 77071 4cc3710 2 API calls 77069->77071 77070->77049 77071->77070 77073 4cc371b 77072->77073 77075 4cc4500 77073->77075 77076 4cc383c 77073->77076 77075->77075 77077 4cc3847 77076->77077 77082 4cc62e8 77077->77082 77087 4cc62fb 77077->77087 77092 4cc6300 77077->77092 77078 4cc45a9 77078->77075 77083 4cc62f2 77082->77083 77085 4cc755b CreateWindowExW CreateWindowExW 77083->77085 77086 4cc7560 CreateWindowExW CreateWindowExW 77083->77086 77084 4cc6431 77084->77078 77085->77084 77086->77084 77088 4cc6304 77087->77088 77089 4cc633d 77088->77089 77090 4cc755b CreateWindowExW CreateWindowExW 77088->77090 77091 4cc7560 CreateWindowExW CreateWindowExW 77088->77091 77089->77078 77090->77089 77091->77089 77094 4cc6331 77092->77094 77095 4cc6431 77092->77095 77093 4cc633d 77093->77078 77094->77093 77096 4cc755b CreateWindowExW CreateWindowExW 77094->77096 77097 4cc7560 CreateWindowExW CreateWindowExW 77094->77097 77095->77078 77096->77095 77097->77095 77288 4ccfd88 77290 a4cfa8 2 API calls 77288->77290 77289 4ccfd9b 77290->77289 77386 8db5b10 77388 8db5b1b 77386->77388 77387 8db5b65 77388->77387 77389 8db5b7e 77388->77389 77390 8db5bad 77388->77390 77395 8db3790 77389->77395 77391 8db5bc7 77390->77391 77399 8db37a0 77390->77399 77396 8db379b 77395->77396 77397 8db37a0 2 API calls 77396->77397 77398 8db5b94 77397->77398 77400 8db37ab 77399->77400 77402 a4cfa8 2 API calls 77400->77402 77401 8db5c4c 77401->77391 77402->77401 77098 4cc3cc0 77099 4cc3d06 77098->77099 77103 4cc3e9b 77099->77103 77106 4cc3ea0 77099->77106 77100 4cc3df3 77109 4cc37d8 77103->77109 77107 4cc3ece 77106->77107 77108 4cc37d8 DuplicateHandle 77106->77108 77107->77100 77108->77107 77110 4cc3f08 DuplicateHandle 77109->77110 77111 4cc3ece 77110->77111 77111->77100 77379 a49028 77380 a49070 VirtualProtect 77379->77380 77381 a490aa 77380->77381 77403 a4a368 77405 a4a38f 77403->77405 77404 a4a46c 77405->77404 77407 a49f94 77405->77407 77408 a4b3f8 CreateActCtxA 77407->77408 77410 a4b4bb 77408->77410 77112 8de10d0 77113 8de10d5 77112->77113 77117 8de1510 77113->77117 77121 8de1501 77113->77121 77114 8de10f4 77118 8de1547 77117->77118 77120 a4cfa8 2 API calls 77118->77120 77119 8de1647 77119->77114 77120->77119 77122 8de1547 77121->77122 77124 a4cfa8 2 API calls 77122->77124 77123 8de1647 77123->77114 77124->77123 77132 273a243 77133 273a2c0 77132->77133 77134 273a2b7 77133->77134 77136 273cae0 77133->77136 77137 273cafa 77136->77137 77140 273cde1 77137->77140 77138 273cb1e 77138->77134 77141 273cdf5 77140->77141 77142 273ce07 77141->77142 77156 273d2ee 77141->77156 77161 273d048 77141->77161 77170 273cf4f 77141->77170 77174 273d7a6 77141->77174 77179 273cee9 77141->77179 77184 273d35c 77141->77184 77189 273d000 77141->77189 77197 273d3b0 77141->77197 77205 273d2dd 77141->77205 77210 273d4d3 77141->77210 77217 273d6ce 77141->77217 77223 273d60d 77141->77223 77228 273d0cf 77141->77228 77142->77138 77157 273d614 77156->77157 77232 27396c1 77157->77232 77236 27396c8 77157->77236 77158 273d636 77163 273d021 77161->77163 77162 273d762 77162->77142 77163->77162 77168 2739511 VirtualAllocEx 77163->77168 77240 2739518 77163->77240 77164 273d774 77165 273d7ad 77164->77165 77167 2739518 VirtualAllocEx 77164->77167 77244 2739511 77164->77244 77167->77164 77168->77164 77171 273cf94 77170->77171 77248 2739c98 77170->77248 77252 2739c95 77170->77252 77171->77142 77175 273d774 77174->77175 77176 273d7ad 77174->77176 77175->77174 77177 2739511 VirtualAllocEx 77175->77177 77178 2739518 VirtualAllocEx 77175->77178 77177->77175 77178->77175 77180 273cef6 77179->77180 77182 2739c95 CreateProcessA 77180->77182 77183 2739c98 CreateProcessA 77180->77183 77181 273cf94 77181->77142 77182->77181 77183->77181 77185 273d362 77184->77185 77256 27395d0 77185->77256 77260 27395d8 77185->77260 77186 273d1f0 77186->77142 77190 273d021 77189->77190 77193 2739511 VirtualAllocEx 77190->77193 77194 2739518 VirtualAllocEx 77190->77194 77191 273d774 77192 273d7ad 77191->77192 77195 2739511 VirtualAllocEx 77191->77195 77196 2739518 VirtualAllocEx 77191->77196 77193->77191 77194->77191 77195->77191 77196->77191 77198 273d18a 77197->77198 77199 273cfbf 77197->77199 77264 2739390 77198->77264 77268 2739388 77198->77268 77200 273cfd1 77199->77200 77201 27395d0 WriteProcessMemory 77199->77201 77202 27395d8 WriteProcessMemory 77199->77202 77200->77142 77201->77199 77202->77199 77206 273d849 77205->77206 77272 2739439 77206->77272 77276 2739440 77206->77276 77207 273d864 77215 27395d0 WriteProcessMemory 77210->77215 77216 27395d8 WriteProcessMemory 77210->77216 77211 273cfd1 77211->77142 77212 273cfbf 77212->77211 77213 27395d0 WriteProcessMemory 77212->77213 77214 27395d8 WriteProcessMemory 77212->77214 77213->77212 77214->77212 77215->77212 77216->77212 77218 273d373 77217->77218 77219 273d6ed 77217->77219 77221 27395d0 WriteProcessMemory 77218->77221 77222 27395d8 WriteProcessMemory 77218->77222 77220 273d1f0 77220->77142 77221->77220 77222->77220 77224 273d613 77223->77224 77225 273d636 77224->77225 77226 27396c1 ReadProcessMemory 77224->77226 77227 27396c8 ReadProcessMemory 77224->77227 77226->77225 77227->77225 77230 2739440 Wow64SetThreadContext 77228->77230 77231 2739439 Wow64SetThreadContext 77228->77231 77229 273d0e9 77229->77142 77230->77229 77231->77229 77233 27396c8 ReadProcessMemory 77232->77233 77235 2739757 77233->77235 77235->77158 77237 2739713 ReadProcessMemory 77236->77237 77239 2739757 77237->77239 77239->77158 77241 2739558 VirtualAllocEx 77240->77241 77243 2739595 77241->77243 77243->77164 77245 2739518 VirtualAllocEx 77244->77245 77247 2739595 77245->77247 77247->77164 77249 2739d21 CreateProcessA 77248->77249 77251 2739ee3 77249->77251 77251->77251 77253 2739c98 CreateProcessA 77252->77253 77255 2739ee3 77253->77255 77255->77255 77257 27395d8 WriteProcessMemory 77256->77257 77259 2739677 77257->77259 77259->77186 77261 2739620 WriteProcessMemory 77260->77261 77263 2739677 77261->77263 77263->77186 77265 27393d0 ResumeThread 77264->77265 77267 2739401 77265->77267 77267->77199 77269 2739390 ResumeThread 77268->77269 77271 2739401 77269->77271 77271->77199 77273 2739440 Wow64SetThreadContext 77272->77273 77275 27394cd 77273->77275 77275->77207 77277 2739485 Wow64SetThreadContext 77276->77277 77279 27394cd 77277->77279 77279->77207 77291 8db90a8 77294 8db90b8 77291->77294 77297 8db69e8 77291->77297 77293 8db90bc 77294->77293 77301 8db69f8 77294->77301 77296 8db92b5 77298 8db69f3 77297->77298 77299 8db69f8 2 API calls 77298->77299 77300 8db92b5 77299->77300 77300->77294 77302 8db6a03 77301->77302 77305 8db6a08 77302->77305 77304 8db951b 77304->77296 77306 8db6a13 77305->77306 77308 a4cf78 2 API calls 77306->77308 77307 8db9854 77307->77304 77308->77307 77125 273dc68 77126 273ddf3 77125->77126 77128 273dc8e 77125->77128 77128->77126 77129 2737ed4 77128->77129 77130 273dee8 PostMessageW 77129->77130 77131 273df54 77130->77131 77131->77128 77280 8db5ee0 77281 8db5ef7 77280->77281 77284 8db38d4 77281->77284 77283 8db5f82 77285 8db38df 77284->77285 77287 a4cf48 2 API calls 77285->77287 77286 8db60d9 77286->77283 77287->77286 77382 7c63378 77384 7c633c6 DrawTextExW 77382->77384 77385 7c6341e 77384->77385

                                                      Executed Functions

                                                      Function 0923F090 Relevance: 1.4, Strings: 1, Instructions: 141COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1559496685.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9220000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: k)>1
                                                      • API String ID: 0-3940862262
                                                      • Opcode ID: 66a40cf825f1f0b105720dd322795cfcefcc0231e1498a6ffa3e0b9813ec0b9a
                                                      • Instruction ID: 40c2bfc94a8efe9e7f3b611f953b1df25db25d4e279a93bd845f4e088918d17b
                                                      • Opcode Fuzzy Hash: 66a40cf825f1f0b105720dd322795cfcefcc0231e1498a6ffa3e0b9813ec0b9a
                                                      • Instruction Fuzzy Hash: 3F519E74E2060ADFDB04CFA9D6459AEBBF2FF84300F90C869D015AB265E770DA45CB81
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5A388 Relevance: 1.0, Instructions: 994COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 98d5ddd08bdaca7046d6a7c37aa8b9d7fb39e9bd578be4563ed1c1198f8c5949
                                                      • Instruction ID: b4d7164bf332bdb3f0d119835f9b40edb9686b7aa10129235bf4513964be4737
                                                      • Opcode Fuzzy Hash: 98d5ddd08bdaca7046d6a7c37aa8b9d7fb39e9bd578be4563ed1c1198f8c5949
                                                      • Instruction Fuzzy Hash: B072DF30B002148FDB15AB79C8587AE77E6AFC9760F258169E40ADB3A1CF34DC46CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD1138 Relevance: .9, Instructions: 927COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0378e162667f26e0113bd7b94edcd706f17cb69c34c3ae1cac870544248a04a5
                                                      • Instruction ID: ccc8a86f94d8d2e2acf91d3ad263fe58473deaa244ffc04717b866842ffb3723
                                                      • Opcode Fuzzy Hash: 0378e162667f26e0113bd7b94edcd706f17cb69c34c3ae1cac870544248a04a5
                                                      • Instruction Fuzzy Hash: 0CA20931E102198FCB15DF68C8586EDB7B2FF89300F1486A9D90AA7351EB74AE95CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0923DCC8 Relevance: .7, Instructions: 696COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1559496685.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9220000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d484d38c24d60e38aae69e9acdd4fb9d6d3d121e870c0067052602caa2a87485
                                                      • Instruction ID: 66e7fa2ecc290b12ab5c316d15e12d4987d4d8aa97b008e49a19446224ca2182
                                                      • Opcode Fuzzy Hash: d484d38c24d60e38aae69e9acdd4fb9d6d3d121e870c0067052602caa2a87485
                                                      • Instruction Fuzzy Hash: 5752B0B1F20219CFDB14DBA8C944BADB7B2BB84740F91C16AE506AB395DBB08D45CF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA52420 Relevance: .7, Instructions: 668COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1387029740a1feb7a3e3633587ca984ce44c55f17947f863b7ee5cb0f8e463fb
                                                      • Instruction ID: a9642dcefaec65a3dbefa39924d4807b2be4ac91afdb3048df67148b20ed9dc8
                                                      • Opcode Fuzzy Hash: 1387029740a1feb7a3e3633587ca984ce44c55f17947f863b7ee5cb0f8e463fb
                                                      • Instruction Fuzzy Hash: 04520630600604CFDB54DF68C588BADB7F2BF85715F6585A8E80A9B3A1DB35EC86CB44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5E498 Relevance: .5, Instructions: 511COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d3868736c22b622217689c45ed48e02734a4c8026562d73a3e8ee6e075aab2cb
                                                      • Instruction ID: e1840f8d10d2a804466a254ed8f7fa4aab000dfd80a32fd16db3d9d425438970
                                                      • Opcode Fuzzy Hash: d3868736c22b622217689c45ed48e02734a4c8026562d73a3e8ee6e075aab2cb
                                                      • Instruction Fuzzy Hash: 3A32EA71D0061A8FCB15DF68C8906EDF7B1FF89300F1586AAD859A7251EB70AAC5CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5E641 Relevance: .4, Instructions: 377COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 468c7cc2d2424f4f4548b1dc41526327808e7de3133674f6272bf28ba8647573
                                                      • Instruction ID: 03ae6d933b17e430569198256b773f859f6481d9a7a753ecfae546dea19aa607
                                                      • Opcode Fuzzy Hash: 468c7cc2d2424f4f4548b1dc41526327808e7de3133674f6272bf28ba8647573
                                                      • Instruction Fuzzy Hash: 7312A575D0061A8FCB15DF68C890AE9F7B1FF49300F15C6AAD859A7251EB70AAC5CF80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE5038 Relevance: .1, Instructions: 128COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c830234be98001855c689fedba7dfc798205428a74d4528bc93e4697189978c0
                                                      • Instruction ID: dde9a8fcaf7524b5eb8e0d4eea31bb6627afe03ab43d3db8dc4fbbd51fb832ba
                                                      • Opcode Fuzzy Hash: c830234be98001855c689fedba7dfc798205428a74d4528bc93e4697189978c0
                                                      • Instruction Fuzzy Hash: CC41F371E04115CFD704AF68E440ABDBBF1AB482DAF5583BAF496AB392C334C941CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DED205 Relevance: 3.0, Strings: 2, Instructions: 451COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 87 8ded205-8ded20f 88 8ded219-8ded27e 87->88 92 8ded287-8ded288 88->92 93 8ded280 88->93 94 8ded2df-8ded2e5 92->94 93->92 95 8ded28a-8ded2ac 94->95 96 8ded2e7-8ded3a9 94->96 97 8ded2ae 95->97 98 8ded2b3-8ded2dc 95->98 107 8ded3ea-8ded3ee 96->107 108 8ded3ab-8ded3e4 96->108 97->98 98->94 109 8ded42f-8ded433 107->109 110 8ded3f0-8ded429 107->110 108->107 111 8ded474-8ded478 109->111 112 8ded435-8ded46e 109->112 110->109 115 8ded47e-8ded496 111->115 116 8ded4fc-8ded557 111->116 112->111 118 8ded49c-8ded4a3 115->118 119 8ded176-8ded17a 115->119 134 8ded58e-8ded5b8 116->134 135 8ded559-8ded58c 116->135 123 8ded4ea-8ded4ee 118->123 120 8ded17c-8ded1b4 119->120 121 8ded1c9-8ded1ff 119->121 148 8ded669-8ded66e 120->148 121->87 136 8ded09d-8ded0aa 121->136 124 8ded4f4-8ded4fa 123->124 125 8ded052-8ded056 123->125 124->116 126 8ded4a5-8ded4e7 124->126 127 8ded06b-8ded071 125->127 128 8ded058-8ded066 125->128 126->123 133 8ded0bc-8ded0c0 127->133 132 8ded0eb-8ded11d 128->132 163 8ded11f-8ded12b 132->163 164 8ded147 132->164 141 8ded0c2-8ded0d9 133->141 142 8ded073-8ded07f 133->142 157 8ded5c1-8ded62e 134->157 135->157 138 8ded00f-8ded033 136->138 139 8ded0b0-8ded0b7 136->139 152 8ded0e1-8ded0e5 138->152 139->141 143 8ded08e-8ded094 141->143 144 8ded0db-8ded0de 141->144 146 8ded086-8ded08b 142->146 147 8ded081 142->147 155 8ded0b9 143->155 156 8ded096-8ded09a 143->156 144->152 146->143 147->146 153 8ded685-8ded6a4 148->153 154 8ded670-8ded67e 148->154 152->132 159 8ded038-8ded04f 152->159 165 8ded6aa-8ded6b1 153->165 166 8decfc7-8ded71e 153->166 154->153 155->133 156->136 176 8ded634-8ded640 157->176 159->125 168 8ded12d-8ded133 163->168 169 8ded135-8ded13b 163->169 171 8ded14d-8ded173 164->171 173 8ded145 168->173 169->173 171->119 173->171 177 8ded647-8ded65a 176->177 177->148
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: :$~
                                                      • API String ID: 0-2431124681
                                                      • Opcode ID: dd747cd5152c7823005cbf884707b4dda366db8f8af3aa87528d943edf70c443
                                                      • Instruction ID: c04af75f6a52940964b324ca8ac779bb92e3d5b5276e05ba6143a58e8957154f
                                                      • Opcode Fuzzy Hash: dd747cd5152c7823005cbf884707b4dda366db8f8af3aa87528d943edf70c443
                                                      • Instruction Fuzzy Hash: 8022E375900218DFDB15DFA8C884E98BBB2FF48305F1581E9E509AB222DB32ED91DF10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DBB37C Relevance: 2.7, Strings: 2, Instructions: 159COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 253 8dbb37c-8dbbdbd call 8dbc778 259 8dbbdc3-8dbbddc 253->259 263 8dbbe3e-8dbbf23 call 8dbb3ac call 8dbb3bc 259->263 264 8dbbdde-8dbbe36 259->264 264->263
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: $
                                                      • API String ID: 0-227171996
                                                      • Opcode ID: e9aac728185ceec72735bae25ed14506f00ed5e411570d508a2798ad4731ce4d
                                                      • Instruction ID: e23a5effa71affbdf88349e97214c3e9c445ea7dcf3d4398071f0a3025281f61
                                                      • Opcode Fuzzy Hash: e9aac728185ceec72735bae25ed14506f00ed5e411570d508a2798ad4731ce4d
                                                      • Instruction Fuzzy Hash: 7E61A235910B01CFEB00EF28D485A5577F5FF85314B41CAA9D949AB32AEB71E998CF80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02739C95 Relevance: 1.7, APIs: 1, Instructions: 245processCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 377 2739c95-2739d2d 380 2739d66-2739d86 377->380 381 2739d2f-2739d39 377->381 386 2739d88-2739d92 380->386 387 2739dbf-2739dee 380->387 381->380 382 2739d3b-2739d3d 381->382 384 2739d60-2739d63 382->384 385 2739d3f-2739d49 382->385 384->380 388 2739d4b 385->388 389 2739d4d-2739d5c 385->389 386->387 391 2739d94-2739d96 386->391 397 2739df0-2739dfa 387->397 398 2739e27-2739ee1 CreateProcessA 387->398 388->389 389->389 390 2739d5e 389->390 390->384 392 2739db9-2739dbc 391->392 393 2739d98-2739da2 391->393 392->387 395 2739da6-2739db5 393->395 396 2739da4 393->396 395->395 400 2739db7 395->400 396->395 397->398 399 2739dfc-2739dfe 397->399 409 2739ee3-2739ee9 398->409 410 2739eea-2739f70 398->410 401 2739e21-2739e24 399->401 402 2739e00-2739e0a 399->402 400->392 401->398 404 2739e0e-2739e1d 402->404 405 2739e0c 402->405 404->404 406 2739e1f 404->406 405->404 406->401 409->410 420 2739f72-2739f76 410->420 421 2739f80-2739f84 410->421 420->421 422 2739f78 420->422 423 2739f86-2739f8a 421->423 424 2739f94-2739f98 421->424 422->421 423->424 425 2739f8c 423->425 426 2739f9a-2739f9e 424->426 427 2739fa8-2739fac 424->427 425->424 426->427 428 2739fa0 426->428 429 2739fbe-2739fc5 427->429 430 2739fae-2739fb4 427->430 428->427 431 2739fc7-2739fd6 429->431 432 2739fdc 429->432 430->429 431->432 434 2739fdd 432->434 434->434
                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02739ECE
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 2af5e8dccae2dcdf440d994ab6695e3bd63dc9f161eb9d171c0a0e9d530fd86a
                                                      • Instruction ID: e5d6ca3fa6d2ffa4e46f8bb6b37ee2ef94da112181805a7f2de7c01d3756f2d6
                                                      • Opcode Fuzzy Hash: 2af5e8dccae2dcdf440d994ab6695e3bd63dc9f161eb9d171c0a0e9d530fd86a
                                                      • Instruction Fuzzy Hash: DF915871D00319DFEB21DFA9C841BEEBBB2BF49314F148169E908A7241DBB49985CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02739C98 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 435 2739c98-2739d2d 437 2739d66-2739d86 435->437 438 2739d2f-2739d39 435->438 443 2739d88-2739d92 437->443 444 2739dbf-2739dee 437->444 438->437 439 2739d3b-2739d3d 438->439 441 2739d60-2739d63 439->441 442 2739d3f-2739d49 439->442 441->437 445 2739d4b 442->445 446 2739d4d-2739d5c 442->446 443->444 448 2739d94-2739d96 443->448 454 2739df0-2739dfa 444->454 455 2739e27-2739ee1 CreateProcessA 444->455 445->446 446->446 447 2739d5e 446->447 447->441 449 2739db9-2739dbc 448->449 450 2739d98-2739da2 448->450 449->444 452 2739da6-2739db5 450->452 453 2739da4 450->453 452->452 457 2739db7 452->457 453->452 454->455 456 2739dfc-2739dfe 454->456 466 2739ee3-2739ee9 455->466 467 2739eea-2739f70 455->467 458 2739e21-2739e24 456->458 459 2739e00-2739e0a 456->459 457->449 458->455 461 2739e0e-2739e1d 459->461 462 2739e0c 459->462 461->461 463 2739e1f 461->463 462->461 463->458 466->467 477 2739f72-2739f76 467->477 478 2739f80-2739f84 467->478 477->478 479 2739f78 477->479 480 2739f86-2739f8a 478->480 481 2739f94-2739f98 478->481 479->478 480->481 482 2739f8c 480->482 483 2739f9a-2739f9e 481->483 484 2739fa8-2739fac 481->484 482->481 483->484 485 2739fa0 483->485 486 2739fbe-2739fc5 484->486 487 2739fae-2739fb4 484->487 485->484 488 2739fc7-2739fd6 486->488 489 2739fdc 486->489 487->486 488->489 491 2739fdd 489->491 491->491
                                                      APIs
                                                      • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 02739ECE
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: CreateProcess
                                                      • String ID:
                                                      • API String ID: 963392458-0
                                                      • Opcode ID: 07fac46b3f36d08bb186ada942bf7bb1b9ed61a0295159c60ebe3173bb3c46ab
                                                      • Instruction ID: 96da149b4de74c6f8b7dd3be42f3341b756bb0f73b4e9a10e29968f846f683fb
                                                      • Opcode Fuzzy Hash: 07fac46b3f36d08bb186ada942bf7bb1b9ed61a0295159c60ebe3173bb3c46ab
                                                      • Instruction Fuzzy Hash: 11915871D00319CFEB21DFA9C841BEEBBB2BB49314F148169E908A7241DBB49985CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04CC8487 Relevance: 1.6, APIs: 1, Instructions: 131COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 492 4cc8487-4cc8489 493 4cc848b-4cc84f6 492->493 494 4cc8455-4cc8470 call 4cc7228 492->494 499 4cc84f8-4cc84fe 493->499 500 4cc8501-4cc8508 493->500 497 4cc8475-4cc8476 494->497 499->500 501 4cc850a-4cc8510 500->501 502 4cc8513-4cc85b2 CreateWindowExW 500->502 501->502 504 4cc85bb-4cc85f3 502->504 505 4cc85b4-4cc85ba 502->505 509 4cc85f5-4cc85f8 504->509 510 4cc8600 504->510 505->504 509->510 511 4cc8601 510->511 511->511
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04CC85A2
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1556281600.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4cc0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: 6bfc1281ab27375d5583e68c4fb2122ceadc31c6386c33c6fcc3053aeaed8f31
                                                      • Instruction ID: 9e6d124cb410640762e5df0ad167ae1b00e804f519ee8753e32bca6dccbc4650
                                                      • Opcode Fuzzy Hash: 6bfc1281ab27375d5583e68c4fb2122ceadc31c6386c33c6fcc3053aeaed8f31
                                                      • Instruction Fuzzy Hash: 4351C3B1C00209AFDF15DF99C884ADEBFB6FF48310F24852AE818AB220D775A945CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04CC8413 Relevance: 1.6, APIs: 1, Instructions: 117COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 512 4cc8413-4cc8430 513 4cc84a4-4cc84f6 512->513 514 4cc8432 512->514 515 4cc84f8-4cc84fe 513->515 516 4cc8501-4cc8508 513->516 514->513 515->516 517 4cc850a-4cc8510 516->517 518 4cc8513-4cc854b 516->518 517->518 519 4cc8553-4cc85b2 CreateWindowExW 518->519 520 4cc85bb-4cc85f3 519->520 521 4cc85b4-4cc85ba 519->521 525 4cc85f5-4cc85f8 520->525 526 4cc8600 520->526 521->520 525->526 527 4cc8601 526->527 527->527
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04CC85A2
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1556281600.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4cc0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: b593beaec4f86bc0f578e87410b446a424d0d2a73cf6af1fb6571d934ae7fb45
                                                      • Instruction ID: 0e87d4798f524bba59dca7734e253f58d6c5a753231369ab403404b10864b3dd
                                                      • Opcode Fuzzy Hash: b593beaec4f86bc0f578e87410b446a424d0d2a73cf6af1fb6571d934ae7fb45
                                                      • Instruction Fuzzy Hash: 4241E4B5D043499FEF15CFA9C880ADEBBB1BF48304F24811AE415AB250D775A985CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04CC7228 Relevance: 1.6, APIs: 1, Instructions: 116COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 528 4cc7228-4cc84f6 531 4cc84f8-4cc84fe 528->531 532 4cc8501-4cc8508 528->532 531->532 533 4cc850a-4cc8510 532->533 534 4cc8513-4cc85b2 CreateWindowExW 532->534 533->534 536 4cc85bb-4cc85f3 534->536 537 4cc85b4-4cc85ba 534->537 541 4cc85f5-4cc85f8 536->541 542 4cc8600 536->542 537->536 541->542 543 4cc8601 542->543 543->543
                                                      APIs
                                                      • CreateWindowExW.USER32(?,?,?,?,?,?,0000000C,?,?,?,?,?), ref: 04CC85A2
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1556281600.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4cc0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: CreateWindow
                                                      • String ID:
                                                      • API String ID: 716092398-0
                                                      • Opcode ID: f87f70635676c8a306976474174f018be4692a983bc15cebad32748e0e81f3ae
                                                      • Instruction ID: cac5a3144451d46d3dd592ba3f0175601086b5d2f900495368e09af54f4ceeb6
                                                      • Opcode Fuzzy Hash: f87f70635676c8a306976474174f018be4692a983bc15cebad32748e0e81f3ae
                                                      • Instruction Fuzzy Hash: 7651D2B1D103089FDB14DF9AC884ADEBBB6BF48314F24812EE819AB210D775A941CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04CC737C Relevance: 1.6, APIs: 1, Instructions: 97COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 544 4cc737c-4ccaa9c 547 4ccab4c-4ccab6c call 4cc7254 544->547 548 4ccaaa2-4ccaaa7 544->548 555 4ccab6f-4ccab7c 547->555 550 4ccaaa9-4ccaae0 548->550 551 4ccaafa-4ccab32 CallWindowProcW 548->551 558 4ccaae9-4ccaaf8 550->558 559 4ccaae2-4ccaae8 550->559 553 4ccab3b-4ccab4a 551->553 554 4ccab34-4ccab3a 551->554 553->555 554->553 558->555 559->558
                                                      APIs
                                                      • CallWindowProcW.USER32(?,?,?,?,?), ref: 04CCAB21
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1556281600.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4cc0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: CallProcWindow
                                                      • String ID:
                                                      • API String ID: 2714655100-0
                                                      • Opcode ID: 24af03f4095a861b02e3488c111d312a411ec69b1de836d39191ee050bd784b4
                                                      • Instruction ID: fadb10bd0d7eedbd85d3e885304d50d45ac97a22e0f4142f1066d745c5a3ba86
                                                      • Opcode Fuzzy Hash: 24af03f4095a861b02e3488c111d312a411ec69b1de836d39191ee050bd784b4
                                                      • Instruction Fuzzy Hash: 634109B99002098FDB14CF99C488BAAFBF6FB88314F24C459E519A7321D775A941CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00A49F94 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                      Download Yara Rule

                                                      Control-flow Graph

                                                      • Executed
                                                      • Not Executed
                                                      control_flow_graph 561 a49f94-a4b4b9 CreateActCtxA 564 a4b4c2-a4b51c 561->564 565 a4b4bb-a4b4c1 561->565 572 a4b51e-a4b521 564->572 573 a4b52b-a4b52f 564->573 565->564 572->573 574 a4b540 573->574 575 a4b531-a4b53d 573->575 575->574
                                                      APIs
                                                      • CreateActCtxA.KERNEL32(?), ref: 00A4B4A9
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1547916206.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_a40000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: Create
                                                      • String ID:
                                                      • API String ID: 2289755597-0
                                                      • Opcode ID: eda2159cc59501a0fc3bc1dad65baeb47a84f5c1efe403721f72683230f1216c
                                                      • Instruction ID: e655734ebc852c22d5912106da5e152a7cab2504af1bd55c241c15745e861adb
                                                      • Opcode Fuzzy Hash: eda2159cc59501a0fc3bc1dad65baeb47a84f5c1efe403721f72683230f1216c
                                                      • Instruction Fuzzy Hash: 9C41D474D10718CFEB24CFAAC8447DEBBB5BF88704F20806AD419AB251DB716945CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 027395D0 Relevance: 1.6, APIs: 1, Instructions: 74injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02739668
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 3928a5084a55add056420dffcc649d6869e69f8ed8dc5383ba4ec37dfbd73dd3
                                                      • Instruction ID: c3ec4b29757d09b7a65fe44a5fef8d5601d583b5d217c7bdc08efd21e8675552
                                                      • Opcode Fuzzy Hash: 3928a5084a55add056420dffcc649d6869e69f8ed8dc5383ba4ec37dfbd73dd3
                                                      • Instruction Fuzzy Hash: 78214875900349DFDB10CFAAC885BEEBBF5FF48314F10842AE918A7250D7799945CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 07C63371 Relevance: 1.6, APIs: 1, Instructions: 71COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 07C6340F
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558135649.0000000007C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C60000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_7c60000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: DrawText
                                                      • String ID:
                                                      • API String ID: 2175133113-0
                                                      • Opcode ID: c9967db12bdfd831a7fa3a418472c5388f17e130ab4801e21928829375c4339c
                                                      • Instruction ID: 45c37201443a1773d0d78a2a3b18e63c78672703463df7a21cd1dce698d21812
                                                      • Opcode Fuzzy Hash: c9967db12bdfd831a7fa3a418472c5388f17e130ab4801e21928829375c4339c
                                                      • Instruction Fuzzy Hash: 1031E3B5D002499FDB10CFAAD884ADEFBF5FF48320F14842AE819A7210D774A941CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 027395D8 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 02739668
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessWrite
                                                      • String ID:
                                                      • API String ID: 3559483778-0
                                                      • Opcode ID: 61de31da3f65029d86fba291e93611956c3fd3d5da6d68aa06e81d32fc7869f0
                                                      • Instruction ID: 51fd80331c85def7e9c5fce59333b34fee251b56211ad16afdb79bdb94b4e358
                                                      • Opcode Fuzzy Hash: 61de31da3f65029d86fba291e93611956c3fd3d5da6d68aa06e81d32fc7869f0
                                                      • Instruction Fuzzy Hash: 3A212575900349DFDB10CFAAC885BDEBBF5FF48310F10842AE919A7251D7789944CBA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 07C63378 Relevance: 1.6, APIs: 1, Instructions: 69COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DrawTextExW.USER32(?,?,?,?,?,?), ref: 07C6340F
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558135649.0000000007C60000.00000040.00000800.00020000.00000000.sdmp, Offset: 07C60000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_7c60000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: DrawText
                                                      • String ID:
                                                      • API String ID: 2175133113-0
                                                      • Opcode ID: 991bd6f49463240871faa53fb1b9e9abbeecf50fdb7d3d16652d91560906465e
                                                      • Instruction ID: ee7363e3802df95080fff2a96e3d0804b4bbdbb1bdc7f32581e7d2394172c0d2
                                                      • Opcode Fuzzy Hash: 991bd6f49463240871faa53fb1b9e9abbeecf50fdb7d3d16652d91560906465e
                                                      • Instruction Fuzzy Hash: 3C21E0B59002499FDB10CF9AD884AAEFBF4FB48320F14842AE919A7210D774A940CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02739439 Relevance: 1.6, APIs: 1, Instructions: 67threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 027394BE
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: ContextThreadWow64
                                                      • String ID:
                                                      • API String ID: 983334009-0
                                                      • Opcode ID: 4214cb0d2679f4ad17e7f8e845c9961a4bc5e946981b896301bfbf01649bbee3
                                                      • Instruction ID: c52554e92a07e6c715fdaa475e9ebb49c102bbd96808ba28884939d7106e1f62
                                                      • Opcode Fuzzy Hash: 4214cb0d2679f4ad17e7f8e845c9961a4bc5e946981b896301bfbf01649bbee3
                                                      • Instruction Fuzzy Hash: 112168729003088FDB14DFAAC485BEFBBF4EF48324F10842AE519A7241C7789945CFA4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 027396C1 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02739748
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: 7ca77d9b7eb7ef3fd71038c7be9fd8f195edd4f51ed5574837a904e45f7c5c78
                                                      • Instruction ID: a96bcae22298218dfe84b7b9aef52d18dac0cbecf67bd30eea744f7f215e0bff
                                                      • Opcode Fuzzy Hash: 7ca77d9b7eb7ef3fd71038c7be9fd8f195edd4f51ed5574837a904e45f7c5c78
                                                      • Instruction Fuzzy Hash: C22107718003499FDB14CFAAC885AEEBBF5FF48310F10882AE518A7250C7759901DBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04CC37D8 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04CC3ECE,?,?,?,?,?), ref: 04CC3F8F
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1556281600.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4cc0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: dd19b78d81fc5d9999294fb8ff60c7fa87e22c54ca3618c179a7d103f66c5520
                                                      • Instruction ID: ef8c7f32b584cabdb896c97ea7fe4d5612872c5335e193901887a33a64eeec57
                                                      • Opcode Fuzzy Hash: dd19b78d81fc5d9999294fb8ff60c7fa87e22c54ca3618c179a7d103f66c5520
                                                      • Instruction Fuzzy Hash: A221E6B590034C9FDB10CFAAD484ADEFBF5EB48310F14845AE914A3350D374A954CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 04CC3F03 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?,?,?,?,04CC3ECE,?,?,?,?,?), ref: 04CC3F8F
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1556281600.0000000004CC0000.00000040.00000800.00020000.00000000.sdmp, Offset: 04CC0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_4cc0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: DuplicateHandle
                                                      • String ID:
                                                      • API String ID: 3793708945-0
                                                      • Opcode ID: dbd6978cce71925f2fa6d475d73f32f1880a81baf52489f0ca549c7508cc9242
                                                      • Instruction ID: 3e971a34a035a9a57b912aca8c7daa785c811d998a19426416a20124f57aa469
                                                      • Opcode Fuzzy Hash: dbd6978cce71925f2fa6d475d73f32f1880a81baf52489f0ca549c7508cc9242
                                                      • Instruction Fuzzy Hash: 5521F5B59002489FDB10CFAAD885ADEFFF5FB48310F14841AE918A3350D374A941CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 027396C8 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 02739748
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: MemoryProcessRead
                                                      • String ID:
                                                      • API String ID: 1726664587-0
                                                      • Opcode ID: 20f753c7e7b03cc552e251444bb807a48f22032d746ed788671d92dce494c045
                                                      • Instruction ID: cc023ae5d46facf8647ecdf5ab1334b5f048c2f8f38141560d059e1d21bf9bf7
                                                      • Opcode Fuzzy Hash: 20f753c7e7b03cc552e251444bb807a48f22032d746ed788671d92dce494c045
                                                      • Instruction Fuzzy Hash: 4D2128718003499FDB10CFAAC881BDEFBF5FF48310F10882AE518A7250C7799500DBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02739440 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 027394BE
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: ContextThreadWow64
                                                      • String ID:
                                                      • API String ID: 983334009-0
                                                      • Opcode ID: 3f6dfb01c4b9894c4484154a4a9ff53b0ef78ae13563f9b3c4edfc701c760329
                                                      • Instruction ID: b9db69ab7c4a698a23b5bf8fc756b55b72935c75a39fae2961a455527963c689
                                                      • Opcode Fuzzy Hash: 3f6dfb01c4b9894c4484154a4a9ff53b0ef78ae13563f9b3c4edfc701c760329
                                                      • Instruction Fuzzy Hash: 392135719003098FDB10CFAAC485BEFBBF4AF48324F14842AE519A7241CB789944CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02739511 Relevance: 1.6, APIs: 1, Instructions: 57memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02739586
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: 29ebea8a59ebab7a4d4a44d83cd005aff0b9e76ae7ea01f8b3f935d487be2b8f
                                                      • Instruction ID: f2dc0c52acf0676fee487cf402772a76962d7739592778605fc980485578bf20
                                                      • Opcode Fuzzy Hash: 29ebea8a59ebab7a4d4a44d83cd005aff0b9e76ae7ea01f8b3f935d487be2b8f
                                                      • Instruction Fuzzy Hash: 771159729003089FDB14DFAAC845BDFBBF5EF88324F10881AE519A7250C779A941CFA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 00A49028 Relevance: 1.6, APIs: 1, Instructions: 55memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualProtect.KERNELBASE(?,?,?,?), ref: 00A4909B
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1547916206.0000000000A40000.00000040.00000800.00020000.00000000.sdmp, Offset: 00A40000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_a40000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: ProtectVirtual
                                                      • String ID:
                                                      • API String ID: 544645111-0
                                                      • Opcode ID: 2f47df80e98d556fda07a09c1ab4515f703ffded02220bd8117dc28e6b579ccf
                                                      • Instruction ID: 66ea0295cb5c6360e47d7402ac1b1e292b9cabbd564171344c6eef6012efc87e
                                                      • Opcode Fuzzy Hash: 2f47df80e98d556fda07a09c1ab4515f703ffded02220bd8117dc28e6b579ccf
                                                      • Instruction Fuzzy Hash: 4F21E7759002499FDB10DF9AC484BDEFBF4FB48320F10842AE968A7650D374A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02739518 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 02739586
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: AllocVirtual
                                                      • String ID:
                                                      • API String ID: 4275171209-0
                                                      • Opcode ID: ac8c12044ddd51cd74c1d142921e81cd8fe0b5e8262c8fdf8d862d39a281dc4e
                                                      • Instruction ID: 1a1c8874ab709913e5917c5a718e6ab5146a202fac05fa5fa806afdaaef40abd
                                                      • Opcode Fuzzy Hash: ac8c12044ddd51cd74c1d142921e81cd8fe0b5e8262c8fdf8d862d39a281dc4e
                                                      • Instruction Fuzzy Hash: EE1126769003489FDB10DFAAC844BDFBBF5EF88320F14881AE529A7250C775A940CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02739388 Relevance: 1.6, APIs: 1, Instructions: 52threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: ef737a8dbc5b9e249de2726ca6a77f68d66f3f6496694af952f38fa16a1de9db
                                                      • Instruction ID: fec9a67e38ef47c47f5130cbbc04cd13841c9535ec06fa2b792fdb3381f5a728
                                                      • Opcode Fuzzy Hash: ef737a8dbc5b9e249de2726ca6a77f68d66f3f6496694af952f38fa16a1de9db
                                                      • Instruction Fuzzy Hash: 4D1146B19003488FDB24DFAAC4457EFFBF8EB88724F20842AD519A7240C7796940CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02739390 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: ResumeThread
                                                      • String ID:
                                                      • API String ID: 947044025-0
                                                      • Opcode ID: ad7b8ab724f27b354498a6f190a5d210ce89368498755a8cf6cc13a031ea6c6f
                                                      • Instruction ID: ad2ae3006db5edd11c8704e529ce2643f253fc0114fee9b39f66cb3164751eae
                                                      • Opcode Fuzzy Hash: ad7b8ab724f27b354498a6f190a5d210ce89368498755a8cf6cc13a031ea6c6f
                                                      • Instruction Fuzzy Hash: 381128719003488FDB24DFAAC4457DFFBF4AB88724F24841AD519A7640C7756540CFA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 02737ED4 Relevance: 1.5, APIs: 1, Instructions: 47windowCOMMON
                                                      Download Yara Rule
                                                      APIs
                                                      • PostMessageW.USER32(?,00000010,00000000,?), ref: 0273DF45
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1549708782.0000000002730000.00000040.00000800.00020000.00000000.sdmp, Offset: 02730000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_2730000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID: MessagePost
                                                      • String ID:
                                                      • API String ID: 410705778-0
                                                      • Opcode ID: 3e08e54cf47ab61f1b4478805107bb5dca50e766252f81abe6c2e60b9b337810
                                                      • Instruction ID: 70506a3a2b4e807313a6ba75c1c5ca2d37c238d50d07c8ba094bb39f970e9efa
                                                      • Opcode Fuzzy Hash: 3e08e54cf47ab61f1b4478805107bb5dca50e766252f81abe6c2e60b9b337810
                                                      • Instruction Fuzzy Hash: 7E1106B58003499FDB21CF9AC485BEEFBF8EB49314F10845AE928B7611C375A944CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE81F0 Relevance: 1.4, Strings: 1, Instructions: 112COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0,$q
                                                      • API String ID: 0-919746613
                                                      • Opcode ID: 44efba484ea346966222a9fe1b216ce029a61a9d3fe4f4a34dd4d84214941f6b
                                                      • Instruction ID: 8d81b7c60dc3b91205657d32de9832a344b076591fbf40150cac72f9f91e92d2
                                                      • Opcode Fuzzy Hash: 44efba484ea346966222a9fe1b216ce029a61a9d3fe4f4a34dd4d84214941f6b
                                                      • Instruction Fuzzy Hash: A0419D74900248DFDB04EF91C994AAEB7B2FFC5302F14C9A9D0116B3A1D735C945CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE804F Relevance: 1.3, Strings: 1, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Strings
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID: 0,$q
                                                      • API String ID: 0-919746613
                                                      • Opcode ID: 6e0a8fc54fa268bd607c05329b64c4ced8a35bb4135d823ef846ba2be7035ba0
                                                      • Instruction ID: 93d5c028f50cff14fc82de920178452dd2d110b14f485db0a3a704dc4ad56388
                                                      • Opcode Fuzzy Hash: 6e0a8fc54fa268bd607c05329b64c4ced8a35bb4135d823ef846ba2be7035ba0
                                                      • Instruction Fuzzy Hash: A3F046302083849FC7457729D92088F3F56EFC67513028567E8448B3A3CF304D05A3AA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD1128 Relevance: .8, Instructions: 767COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ccf4cfd3dda14d50d81e22f1523491648c4194106ca788f799e43e06731f3f4a
                                                      • Instruction ID: a101161339d6fa47426e9f0aef9be6102898c9ce758c267a23e7e015013883b9
                                                      • Opcode Fuzzy Hash: ccf4cfd3dda14d50d81e22f1523491648c4194106ca788f799e43e06731f3f4a
                                                      • Instruction Fuzzy Hash: F6820831E002598FCB15DF68C8586EDB7B2FF89340F1486A9D80AA7351EB74AE95CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA56B25 Relevance: .6, Instructions: 577COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 01d2f1e1698c3c7ddd87588a914e960dfe043c600c3edccf51440460e4084207
                                                      • Instruction ID: 5c71fe2c80d0a3f4396dc4b2b943939fa904c52ff807a221506310ceee90eeff
                                                      • Opcode Fuzzy Hash: 01d2f1e1698c3c7ddd87588a914e960dfe043c600c3edccf51440460e4084207
                                                      • Instruction Fuzzy Hash: EE323630B002049FDB58DF78D498AAD77F2BF89310F5585A9E8099B3A2DB30AC85CB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE8A20 Relevance: .5, Instructions: 462COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 11bcf0b1d893efe1e5eee453fd0ec7858e20602c7ea789f510f76ed666a575e4
                                                      • Instruction ID: 51d78a10ab151a9996b21d336148130feb55615745503702c09e35734a552b33
                                                      • Opcode Fuzzy Hash: 11bcf0b1d893efe1e5eee453fd0ec7858e20602c7ea789f510f76ed666a575e4
                                                      • Instruction Fuzzy Hash: 3B029430B00208DFEB14ABA8D855BAE76B2FF84742F148679F546AB396CB70CC42D755
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5B600 Relevance: .3, Instructions: 340COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cf650f785cec112fb2d3abe51947574245cea4184af0c0e465ae5814059b6f6f
                                                      • Instruction ID: c08091155959f3cde9e07610cf0a5c89d936379db2c8d4ed311cb3db9bbadc23
                                                      • Opcode Fuzzy Hash: cf650f785cec112fb2d3abe51947574245cea4184af0c0e465ae5814059b6f6f
                                                      • Instruction Fuzzy Hash: 0DD16030601704DFD729DF34C491AAABBB6BF85311B144A6EE8568B3E1DB35D886CF24
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB6A08 Relevance: .3, Instructions: 302COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f50d070c2be54dc21c2bb92468f4abcfb6b3d3cd41a2a55ffae4f7de516cc24
                                                      • Instruction ID: 33e483a73b065da1bd3eb6d8ef489ffdded5ec59a78546afc92938170f044c31
                                                      • Opcode Fuzzy Hash: 8f50d070c2be54dc21c2bb92468f4abcfb6b3d3cd41a2a55ffae4f7de516cc24
                                                      • Instruction Fuzzy Hash: 2BC16C35A007019BDB04EF79D49879A77B2FFC9300F14867DE80AAB396EF75A8448B51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA58BF0 Relevance: .3, Instructions: 302COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2534289d16781bd042cd9281dbc60dee442b023e77d86e2eaff2db0f77eba4f6
                                                      • Instruction ID: 258556e2f8699dc7292af268059d167c94b7ae86c1b43a3bbb2d83d4cf7097aa
                                                      • Opcode Fuzzy Hash: 2534289d16781bd042cd9281dbc60dee442b023e77d86e2eaff2db0f77eba4f6
                                                      • Instruction Fuzzy Hash: 95C10235A00204CFCB54DF78C598AADB7F2BF8C624B2145A9E806AB3A1DB35EC41DF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA52411 Relevance: .3, Instructions: 291COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bf44cbc06523f078c5571d07c4797c38cf40c48ca5272e0476e2a6dfb29fe565
                                                      • Instruction ID: 4159be2602c937657d473cd831e322566ef06bded3b6f9565f911f85dba02267
                                                      • Opcode Fuzzy Hash: bf44cbc06523f078c5571d07c4797c38cf40c48ca5272e0476e2a6dfb29fe565
                                                      • Instruction Fuzzy Hash: F9D1A134A00604CFDB54CF68C588BD9B7F2BF44715F6681A9E8059B2A1CB34ED8ACF44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09232E68 Relevance: .3, Instructions: 286COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1559496685.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9220000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a0478f8290b0bdb3c7e2a8fcebc770d1572be10c1c216b037512f492bf98397d
                                                      • Instruction ID: 9781fd7edea1009eb4f5d9ae00a2c5684682f1aebe634718f32dbec0144ad43a
                                                      • Opcode Fuzzy Hash: a0478f8290b0bdb3c7e2a8fcebc770d1572be10c1c216b037512f492bf98397d
                                                      • Instruction Fuzzy Hash: 80B19E70B10216CFDB24DF68C954AAD77F2BF89310F9581A9E456AB3A1CB35DC42CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE128C Relevance: .3, Instructions: 265COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 12ea1d8ec1dcad4239e76ce05410445316cd06f79199f789386619a01da7249e
                                                      • Instruction ID: 40fb8ee8e298689f6299e0945a5f3daffad9847c08d383d72add6d37e0cf7d40
                                                      • Opcode Fuzzy Hash: 12ea1d8ec1dcad4239e76ce05410445316cd06f79199f789386619a01da7249e
                                                      • Instruction Fuzzy Hash: 07918B357002048BCB15AB38C890B6E73A6EFC5792F508A6DF45A8B391DF34EC46CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB9729 Relevance: .3, Instructions: 261COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b1b311fee34819190e814721a1d5ce44ee42b724c02b54153fe002dad508bb98
                                                      • Instruction ID: d929580a5f3c23a114815157f5942348a5eb9762202dddfee75092ef71511149
                                                      • Opcode Fuzzy Hash: b1b311fee34819190e814721a1d5ce44ee42b724c02b54153fe002dad508bb98
                                                      • Instruction Fuzzy Hash: DCA16C35B002018BDB04EF69D49479A77B2FFC9300F15867DD80AAB396EF75AC498B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA54798 Relevance: .2, Instructions: 245COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 251a6a2e64b9d6f374d0aa92a060bf3688267aef936488a198a3ad431b55d867
                                                      • Instruction ID: 32c305c2468f5500afd763e0406c1abcece8a3027658664284ceda9208c6f27c
                                                      • Opcode Fuzzy Hash: 251a6a2e64b9d6f374d0aa92a060bf3688267aef936488a198a3ad431b55d867
                                                      • Instruction Fuzzy Hash: 8491A035B00604AFDB06DFA0C848BEDBBB7FF89310F148169E5069B2A1DB359D56CB46
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEA0B7 Relevance: .2, Instructions: 243COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 82875b347a231c843c74ded76988c74915bf882e145969a7f2e72401f6b590ce
                                                      • Instruction ID: f190eef83bc61c66b662374b785b63e5fab1ac12354a27d5a23d0813f9c2cef0
                                                      • Opcode Fuzzy Hash: 82875b347a231c843c74ded76988c74915bf882e145969a7f2e72401f6b590ce
                                                      • Instruction Fuzzy Hash: 34915F30B04229CFDB14ABD4C944AADB772FF94782F25826AF446AB395C771DC42CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD4110 Relevance: .2, Instructions: 234COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a2722273673ed254c0759d9e009db37d1c798129546bcf2df79092aea55037b9
                                                      • Instruction ID: 8fa32ddb263e09e8f8818eecb410391e2fc75ea3e19ebeb11ae704b178c32e57
                                                      • Opcode Fuzzy Hash: a2722273673ed254c0759d9e009db37d1c798129546bcf2df79092aea55037b9
                                                      • Instruction Fuzzy Hash: F6A15034A007599FDB14DF64C850BAEBBB5FF89300F10859AE449A7351EB709D82CF91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE8D1E Relevance: .2, Instructions: 218COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a1a8125ff3242820ce29b41a7d5d827a4ba3856fcfd55fce4b11cd8578833444
                                                      • Instruction ID: 4ada8acc2bb81cd9a93f9b20d4c3f82dd12cf1c102c40e3903de37fdd3f46324
                                                      • Opcode Fuzzy Hash: a1a8125ff3242820ce29b41a7d5d827a4ba3856fcfd55fce4b11cd8578833444
                                                      • Instruction Fuzzy Hash: 82818F30B00208DFEB14ABA4D815BAE77B2FB84742F148239F546AB796CB71CC41DB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA53FAC Relevance: .2, Instructions: 217COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 44aba1486a3f1ab96d2b87a20a70bd75b15732604eb0bf1362310e8103105762
                                                      • Instruction ID: 0f02b73935c7e5ee3b978c78495ff4d39370b479c6a79264febe796485e08f62
                                                      • Opcode Fuzzy Hash: 44aba1486a3f1ab96d2b87a20a70bd75b15732604eb0bf1362310e8103105762
                                                      • Instruction Fuzzy Hash: A0A1D534A00204DFDB54DF68D888FA9B7B1FF45315F5985A5F8099B2B2DB30A885CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB69B8 Relevance: .2, Instructions: 213COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4e2b62b05199c75f345047ca73e44d170dacadc467f1c8a480d6676a60c63998
                                                      • Instruction ID: a69f780f0966ab0724c8e2a1d2b325ca022f6a8a358b652168b84fb45b0a9449
                                                      • Opcode Fuzzy Hash: 4e2b62b05199c75f345047ca73e44d170dacadc467f1c8a480d6676a60c63998
                                                      • Instruction Fuzzy Hash: 2981B030A00B46CBDB11AF78C4147EAB7B9EF85340F10C669D55AAB251EF70EA86C790
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DBDC0C Relevance: .2, Instructions: 208COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ad1ff0747ca495b0eaaf3d8c804a728147adb84fae8573eec52484dc93bcf416
                                                      • Instruction ID: d2e78c748e639e6a123923beefc986f392360dd6840697f644bbbe2f9abbb9a2
                                                      • Opcode Fuzzy Hash: ad1ff0747ca495b0eaaf3d8c804a728147adb84fae8573eec52484dc93bcf416
                                                      • Instruction Fuzzy Hash: D991E835D0060ADFCF14DF68C850AD9B7B5FF88341F1086A9E959AB211EB31AA85CF90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB6080 Relevance: .2, Instructions: 196COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2003c314d26a736ac89f1c98c4aa056ce31a15ab83443e2107df2257f6c79e18
                                                      • Instruction ID: 81826a93c00496385a82a1096fc9d9b17e61a05a2d783490ce09114c08d86e0f
                                                      • Opcode Fuzzy Hash: 2003c314d26a736ac89f1c98c4aa056ce31a15ab83443e2107df2257f6c79e18
                                                      • Instruction Fuzzy Hash: C9618C303007419FDB19AB79C851BAEB2D3BFC8651F20C52DD11A9B395CF79AC069BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB38D4 Relevance: .2, Instructions: 193COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 58f249e851e1744919afe2d40501274e23cbe1a5561432586b4a57c94b2f5d02
                                                      • Instruction ID: 78aaecd9b44f9ebe02021f3bdc0f65e29e8d38063befd31decd0ca228db3503d
                                                      • Opcode Fuzzy Hash: 58f249e851e1744919afe2d40501274e23cbe1a5561432586b4a57c94b2f5d02
                                                      • Instruction Fuzzy Hash: 27614D303007019FD718AB79C851BAAB2D3BFC8651F50C92DD11A9B395CF79EC0697A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE8DCB Relevance: .2, Instructions: 190COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 77e07010454d59b49448377c6fd5a1389715db0d2e63d9acc98329140906a19d
                                                      • Instruction ID: 0876ad5e655972823922290a57eee26f7eb227f33eaff86cda61c2e48fbd53a6
                                                      • Opcode Fuzzy Hash: 77e07010454d59b49448377c6fd5a1389715db0d2e63d9acc98329140906a19d
                                                      • Instruction Fuzzy Hash: C6616030B00204DFEB149BB4D919BAE76B2AFC4742F148269F546AB396CB718D01DB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE8DA6 Relevance: .2, Instructions: 188COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c1ceb5dd6bf3da3a6e01dea627fc5f0c781db41d6c996af74544c72542b3c0ba
                                                      • Instruction ID: 0e6025c0805b4b8e2dc36426910d580cc305b33714f99afb27aab744bd81f95d
                                                      • Opcode Fuzzy Hash: c1ceb5dd6bf3da3a6e01dea627fc5f0c781db41d6c996af74544c72542b3c0ba
                                                      • Instruction Fuzzy Hash: DA615030B00204DFEB149BB4D915BAE76B2FFC4B42F148269F506AB396CB71CD429B55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD4100 Relevance: .2, Instructions: 184COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1e74427595f10505c2c86a4fe846088d068192710c0d8664010fe9b36d8cbcf3
                                                      • Instruction ID: 54aad288dbb7b8ec2db7965d113b27667fd585f617d00c4dd9e8427b3159ac47
                                                      • Opcode Fuzzy Hash: 1e74427595f10505c2c86a4fe846088d068192710c0d8664010fe9b36d8cbcf3
                                                      • Instruction Fuzzy Hash: 2951CC30B002158FDB04DBB9D858A6EBBEBFFC87617158569E405DB3A1DF709C028B91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DDE9D0 Relevance: .2, Instructions: 178COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e18a843b88d0523b1eba996bc06a44ad4fb68fc2b9c7f47856ed3fa2e6cd8c74
                                                      • Instruction ID: d932121b6ea87f84dc438b52703b2a356cac26ff955326077b27b71bc111312b
                                                      • Opcode Fuzzy Hash: e18a843b88d0523b1eba996bc06a44ad4fb68fc2b9c7f47856ed3fa2e6cd8c74
                                                      • Instruction Fuzzy Hash: 1F51D1307047008FD764AB7A999462ABBE7BFC8B61354863DE44ACB7A1DF70EC028751
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA54788 Relevance: .2, Instructions: 159COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 23a8003ff78730bd740672b3ba916a1da9d4a69794b0fcc81996c74bb956f520
                                                      • Instruction ID: 006cc6447f81d4689354e60eb1235fd2cbcd4cd4e3b42e748a831c5b2c3476dd
                                                      • Opcode Fuzzy Hash: 23a8003ff78730bd740672b3ba916a1da9d4a69794b0fcc81996c74bb956f520
                                                      • Instruction Fuzzy Hash: 36517C39B006449FCB06DFA0C858AADBBB7AFC9310F148159E506DB2A1DF329D56DB42
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE1F50 Relevance: .2, Instructions: 158COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a6108a44863f6d49b18d6900ad7d001ba16c9e5d3126ae0e209868fb449c9227
                                                      • Instruction ID: 8a28d34c290d711be92bf566939d7bd0d52b00a7029b97feddde6f4d10e24f1e
                                                      • Opcode Fuzzy Hash: a6108a44863f6d49b18d6900ad7d001ba16c9e5d3126ae0e209868fb449c9227
                                                      • Instruction Fuzzy Hash: 275180353006048FCB25EF74C880AAA73A6FF85396F10862DF55A8B3A1DB31E941CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE1F31 Relevance: .2, Instructions: 155COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a2580a47d4b1f3d80364226dbd9d0fe4d006277330719f1ba68afc317054cfc8
                                                      • Instruction ID: 7c1df2edaa3c0ea6bbbfafdfbb9bb38358b83b36c4d3dceecac79f41e4380119
                                                      • Opcode Fuzzy Hash: a2580a47d4b1f3d80364226dbd9d0fe4d006277330719f1ba68afc317054cfc8
                                                      • Instruction Fuzzy Hash: FD516F35300604CFCB25EF74C880AAA73A6FF85356F10862DF56A8B3A1DB31E946CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5A378 Relevance: .1, Instructions: 144COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a409a374fcc5aeb4d9c139e7aaa967d2fbf58c4413ed5f7b56234ae434c583d8
                                                      • Instruction ID: 66523b84f2138de3d1b1897fc8fb4d78502c8bfde9ec8218af3a46f33c163980
                                                      • Opcode Fuzzy Hash: a409a374fcc5aeb4d9c139e7aaa967d2fbf58c4413ed5f7b56234ae434c583d8
                                                      • Instruction Fuzzy Hash: B05131317101058FDB14CF78D988AE9B7F2BF88754F1582A9E816DB2A0DB30E881CF94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD40B0 Relevance: .1, Instructions: 144COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c94b613bd94448fc72bc3773b187da88d201134ab7eb6e65340ffe2b08cdd487
                                                      • Instruction ID: cc2ee09ddc58bd4199f6e696c04d9afc9bd36b4d956f95c9b743953e324c35df
                                                      • Opcode Fuzzy Hash: c94b613bd94448fc72bc3773b187da88d201134ab7eb6e65340ffe2b08cdd487
                                                      • Instruction Fuzzy Hash: 9651F130A047418FCB01AB7DD814AADBBF1EF86251F1546AAD409EB3A2DB30DD85C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE1510 Relevance: .1, Instructions: 143COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4021f713530e7bdb123b59abebef3fc7247b25ba98afa3aae6b6e5d5567edfc4
                                                      • Instruction ID: 3de29b914e786072dc490594a5109e5d887a562948e213e4d882ae5f68fd40aa
                                                      • Opcode Fuzzy Hash: 4021f713530e7bdb123b59abebef3fc7247b25ba98afa3aae6b6e5d5567edfc4
                                                      • Instruction Fuzzy Hash: E35191706003019BDB00EF34D8817A973A2FFC5725F54C67DD818AF3A6DBB5994A8BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE1501 Relevance: .1, Instructions: 143COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a26f9a5dd72515b6130116214b338b5c298597297bf9a88afc1e8676e84e771c
                                                      • Instruction ID: 82da62ec4aa2842346b215ec662955fe3335c4ed7a262c3173c639d0506fb36b
                                                      • Opcode Fuzzy Hash: a26f9a5dd72515b6130116214b338b5c298597297bf9a88afc1e8676e84e771c
                                                      • Instruction Fuzzy Hash: 7251A2706003018BDB00EF24D8817E973A2FFC5721F14C67DD8189F3A6DBB5990A87A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB90A8 Relevance: .1, Instructions: 142COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b1dae8e7795c0ee085aaca2647203d2cef83a75538bddcb9b5e3697f5e9d51bd
                                                      • Instruction ID: 9fcefd428d4f03df2dc041def201b7010ebf09e8216600aba2fe52f9f242cad1
                                                      • Opcode Fuzzy Hash: b1dae8e7795c0ee085aaca2647203d2cef83a75538bddcb9b5e3697f5e9d51bd
                                                      • Instruction Fuzzy Hash: 02512932D00B528BCB11AF69D850195F3B1FF99320729CB6ADC5D7B306EB71B9918B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEB2EC Relevance: .1, Instructions: 139COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cde4bbe53041c0a2d9f9b54e8477cf36fee49999b0e8563a73f70faef4d8c864
                                                      • Instruction ID: 56c361ded8211cdb033425f9febb53e346073c2291390e55b01c1c31affb0980
                                                      • Opcode Fuzzy Hash: cde4bbe53041c0a2d9f9b54e8477cf36fee49999b0e8563a73f70faef4d8c864
                                                      • Instruction Fuzzy Hash: E2519131A04619CBDB14AF68C8402BEB7B0FF442B2F50472BF9A6F7290D334EA518B51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEB460 Relevance: .1, Instructions: 139COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e54496b320f83de1734eb051506929a5a2b0496dfa65236129a770744973ed44
                                                      • Instruction ID: 0b70d3bcbeb4208b64f508695c59a9a0b19ced4584bcaeb9780e1acfec7589ec
                                                      • Opcode Fuzzy Hash: e54496b320f83de1734eb051506929a5a2b0496dfa65236129a770744973ed44
                                                      • Instruction Fuzzy Hash: 1851D471904259CFC711EF69C8406AEBBF5AF82362F1486AFE195EB252D334E901CF61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5CE08 Relevance: .1, Instructions: 135COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d0ea06342b9f6b6081a044b4b806eb301d6824cb17f20c7b0fb9c71a6a398b6e
                                                      • Instruction ID: 4effc607e0965b5ee09a3833e56a7d1a15cbee50001f5a8c8d6480715fff9e09
                                                      • Opcode Fuzzy Hash: d0ea06342b9f6b6081a044b4b806eb301d6824cb17f20c7b0fb9c71a6a398b6e
                                                      • Instruction Fuzzy Hash: 3E4141353107018FDB64DF3AC884BA973E6BF89A24F058069E84ACB2A5DB34EC45CB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5CDF7 Relevance: .1, Instructions: 134COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5f147a4397d0e3af79c8519222ca5a7cbb5f151c4fabb1c948eda103174c1a43
                                                      • Instruction ID: f4ea1aaa31530c68177e7b12eea7af87cbe2d1e9f9f378fe37c8b817a7596304
                                                      • Opcode Fuzzy Hash: 5f147a4397d0e3af79c8519222ca5a7cbb5f151c4fabb1c948eda103174c1a43
                                                      • Instruction Fuzzy Hash: 074172363107118FDB64DF3AC884AE977A5AF85634F06406AEC49CB2E6DB30E845CF55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEBC30 Relevance: .1, Instructions: 133COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5ca2b3bf7441240a5b830609d09fe67f4a31b97fb1c44be0557e22bd33e79412
                                                      • Instruction ID: d2d9ad34ba227f0b6f0be4c01dad5a9e12b355f5121032df5b23bb06f7990219
                                                      • Opcode Fuzzy Hash: 5ca2b3bf7441240a5b830609d09fe67f4a31b97fb1c44be0557e22bd33e79412
                                                      • Instruction Fuzzy Hash: 0F414D74D09119DFCB00EFA4E5849EDBBB0FF4E261B405A56E496B7316D730E850CB64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09233A60 Relevance: .1, Instructions: 133COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1559496685.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9220000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b6d66362d3ed13585a2cd514b7610452cabf8e70066dcbaeec1beda7bb8d3dda
                                                      • Instruction ID: d940eeb5b58f01e3b67a9ef42e200825dd045f5a8d4a7620124077427299ebcf
                                                      • Opcode Fuzzy Hash: b6d66362d3ed13585a2cd514b7610452cabf8e70066dcbaeec1beda7bb8d3dda
                                                      • Instruction Fuzzy Hash: 81415A712106069FCB14DF28D884AAAB3E2FFC4761F94C66AF5098B361DB71ED45CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE1CE8 Relevance: .1, Instructions: 132COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 59ddd09ee469fd006baa9485d1692c8ecef1f6c55fd489482e4f3f7da685d365
                                                      • Instruction ID: a0d361d8e616cf658f78e88f6b5fdd8de9fdc3d1a540f8c8edc0fe24b51b3848
                                                      • Opcode Fuzzy Hash: 59ddd09ee469fd006baa9485d1692c8ecef1f6c55fd489482e4f3f7da685d365
                                                      • Instruction Fuzzy Hash: D1517078B00611DFCB05EF78C490929B7B2FF86742BA186ADE4159B351DB31EC52CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE1CD9 Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6ca8bb7ab3a3fba5223fcef09dfd1b27a07fa59facb0e26846fd97236f7a69d5
                                                      • Instruction ID: 893afa5fe3aeda7d62edb173b3662c9b2dd629dfb7c2888a2fa8c5ecd75e0e9b
                                                      • Opcode Fuzzy Hash: 6ca8bb7ab3a3fba5223fcef09dfd1b27a07fa59facb0e26846fd97236f7a69d5
                                                      • Instruction Fuzzy Hash: AC51A274B00611DFCB05EF78C484969BBB6FF86302B9186A9E415DB3A1DB31EC52CB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE0630 Relevance: .1, Instructions: 131COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 57bf7bb8d6e1653b0e2c66f5b9c7cfd78d77dd4b7ece0c7ccfe33ccd3dc15a4a
                                                      • Instruction ID: 62fb5fba381d462c0a8e4e844631d97fcd99de427ed2681bceda42b54d990b39
                                                      • Opcode Fuzzy Hash: 57bf7bb8d6e1653b0e2c66f5b9c7cfd78d77dd4b7ece0c7ccfe33ccd3dc15a4a
                                                      • Instruction Fuzzy Hash: 1C416D357006158FD724AB79C858B2977E6FFC86A2F55426CE806DB390EEB0CC41CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEBAD8 Relevance: .1, Instructions: 129COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e55bef878b9d5946dff8c525badb4d132f213169f8bf7e816e818febb887ca19
                                                      • Instruction ID: 1fdf0fb693cb21c57e48f65d125c162fd6346a8767407217aa40dd20bd318940
                                                      • Opcode Fuzzy Hash: e55bef878b9d5946dff8c525badb4d132f213169f8bf7e816e818febb887ca19
                                                      • Instruction Fuzzy Hash: 4B41AF74909684DFC706CB69E690988BFF0EF8A201B2681DAD484DF373D7349E19DB12
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE0278 Relevance: .1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4a7e0195d8864791595d35dc03e18feb1a4da18ffdfebce238f223ca729e9316
                                                      • Instruction ID: 1449aa0cef1db6ba7d45b97a40be5f13feae6f41bd2a2e76d064fe061f38cd25
                                                      • Opcode Fuzzy Hash: 4a7e0195d8864791595d35dc03e18feb1a4da18ffdfebce238f223ca729e9316
                                                      • Instruction Fuzzy Hash: 0F41D120300B908FDB25A73A849076F7BE6BFC5655F08461DD4828B7A2CFB4DC02C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DBB920 Relevance: .1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3bba4968e15abf069f458f94c1bbcc2bf69ada8c28d22bf535b3d9d3dd63797a
                                                      • Instruction ID: 7442ad6302083cd7e76fe72b7060b701d7e1c52db9f613471163fb089584010e
                                                      • Opcode Fuzzy Hash: 3bba4968e15abf069f458f94c1bbcc2bf69ada8c28d22bf535b3d9d3dd63797a
                                                      • Instruction Fuzzy Hash: 1F411334A00300CFCB19AB35D4506FEB7E6EFC5262F4885AED04A9B360CF749846CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DBC778 Relevance: .1, Instructions: 124COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ac0084e5241a7c1d3755c30963a3cfd9fe35b71df9d16ecb97b52c964b036d4a
                                                      • Instruction ID: 71cb1f6565fda1388f506238e0ab6c029a3633bcb822672c193292e8b342e139
                                                      • Opcode Fuzzy Hash: ac0084e5241a7c1d3755c30963a3cfd9fe35b71df9d16ecb97b52c964b036d4a
                                                      • Instruction Fuzzy Hash: 71414879E1025ACFDF15EF69E454AED7BB1BF887A1F144129D406A7340EB38D801CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD0808 Relevance: .1, Instructions: 123COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 81a20c9fd3db8be7de0e2a0fdbb65bafac101fcdb604a10a1b2f07c577223c6d
                                                      • Instruction ID: 56dca9dd254f954ba0505654d064ecd3e1169407ca3bd12940f90e48fce5d33a
                                                      • Opcode Fuzzy Hash: 81a20c9fd3db8be7de0e2a0fdbb65bafac101fcdb604a10a1b2f07c577223c6d
                                                      • Instruction Fuzzy Hash: 21512A35A01209EFDB00DF94E594BDEBBF2EF88351F248169E905A7390CB31AD41CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB6998 Relevance: .1, Instructions: 121COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 79aa2907d813167e6476373636ec074406ae4adf70a96a53a0f23c5ce5d4062f
                                                      • Instruction ID: df34907ee77101d319aae6d0dcbde512b53c96269e288ae5e75e8c2d423d670b
                                                      • Opcode Fuzzy Hash: 79aa2907d813167e6476373636ec074406ae4adf70a96a53a0f23c5ce5d4062f
                                                      • Instruction Fuzzy Hash: 32411A34A10209CFDB44EFB8C854AAEB7B5FF84381F108669E846AB365EB70D945CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEE130 Relevance: .1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9c9fb660e113152d8c8c297ba6475607887e4f13a6aa6854996c7311d20e2830
                                                      • Instruction ID: 96f3a5f3dffad49131ca02858842c9ac5165bacc4cee4e3fcc154a17e43822c6
                                                      • Opcode Fuzzy Hash: 9c9fb660e113152d8c8c297ba6475607887e4f13a6aa6854996c7311d20e2830
                                                      • Instruction Fuzzy Hash: C241CF75E002198FCB04DFA9C880AEEBBF1EB89341F14852AE819F7305E7359A458B60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE0288 Relevance: .1, Instructions: 120COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5874618d90c9502bb4ff0510153d4a4af096d90e6805a1e5eed8e51d2ca5f5f5
                                                      • Instruction ID: 14d06a2b0892eebce55615d65a2d5b07c725f1a9a17c395d04ff46e1f6d64335
                                                      • Opcode Fuzzy Hash: 5874618d90c9502bb4ff0510153d4a4af096d90e6805a1e5eed8e51d2ca5f5f5
                                                      • Instruction Fuzzy Hash: F541A220300B908BDB25A73A845076F7BE6BFC5655F08461DE4838B795CFA4EC42C7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE53D0 Relevance: .1, Instructions: 119COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8d9661aaa2bcc750ac226f497994b3aff925d2ff206dcb0f0d6648e1e7d974ac
                                                      • Instruction ID: 3598b2e19accda11e68e22e2528c6e8b2399dd263a5b8a68689d9cb3140e859e
                                                      • Opcode Fuzzy Hash: 8d9661aaa2bcc750ac226f497994b3aff925d2ff206dcb0f0d6648e1e7d974ac
                                                      • Instruction Fuzzy Hash: 9A41EA356002448FCB15EB78E84496EBBFAFFC82A1755866DE409CB341DF30DC028BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA51148 Relevance: .1, Instructions: 118COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 682be83710f0a6638ce6e7d794d9b2990f554531c19822f26515b036a9d58a06
                                                      • Instruction ID: 71813b5bcdb2ab9413e3cc3ad4e45e2b46ba637ad3160506999d685cdb5fc887
                                                      • Opcode Fuzzy Hash: 682be83710f0a6638ce6e7d794d9b2990f554531c19822f26515b036a9d58a06
                                                      • Instruction Fuzzy Hash: F541BF31601601AFD728AB78D5447FEB3E5EBC5310F14866EE81987781CB749845CB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEBC40 Relevance: .1, Instructions: 117COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 804c1a10d3af96d8c61da4f437bdf72a77f3a9bd1bfe4c83c6c727ef938e3c36
                                                      • Instruction ID: e1682ce8e1d0af1bd1c38923e830164d837812e1d7662e7d2001057c77e6af0f
                                                      • Opcode Fuzzy Hash: 804c1a10d3af96d8c61da4f437bdf72a77f3a9bd1bfe4c83c6c727ef938e3c36
                                                      • Instruction Fuzzy Hash: B8411874D09219DFCB00EFA4E5849EEBBB4FF4D2A1B405A56E496B7316D730E810CB64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB69D9 Relevance: .1, Instructions: 117COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f95af65147264ce72f976f44c84c868c87fc8958906f026477980e491d3b417c
                                                      • Instruction ID: cbba7c2a4af440cf4f1d8dcfead76d053ec843214b5fbc4245592d0a03ec931a
                                                      • Opcode Fuzzy Hash: f95af65147264ce72f976f44c84c868c87fc8958906f026477980e491d3b417c
                                                      • Instruction Fuzzy Hash: 3A510732C10B5686CB51DF69C850181F3B1FF99320B2ACB6ADD9D3B206EB71B594CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA577D8 Relevance: .1, Instructions: 117COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d792f8105b859eecd8cb577f39a7a3d993adf21f4ddf2b7d77376409d3f35b2e
                                                      • Instruction ID: 41d6b357680f10c4abe3deb0dc0c5ce87b02f378a97d89287fb7e30f1f0b0fc8
                                                      • Opcode Fuzzy Hash: d792f8105b859eecd8cb577f39a7a3d993adf21f4ddf2b7d77376409d3f35b2e
                                                      • Instruction Fuzzy Hash: D14154307006019FDB68AF34C984BBEB3E7BF85710F108969D9469B2D1CB75AC86CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA577C8 Relevance: .1, Instructions: 115COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 41c5000554fdc4fc9e1fc842d7f829eedf95705bb1bccbee4357ad9b274c3321
                                                      • Instruction ID: 85c377edc2ac79e119c026758eb79b15cc7c9b7ad47bd7f28d865632c72817c0
                                                      • Opcode Fuzzy Hash: 41c5000554fdc4fc9e1fc842d7f829eedf95705bb1bccbee4357ad9b274c3321
                                                      • Instruction Fuzzy Hash: D1416130700601DFDB68AF34C984BBEB3B2BF84310F108A69D9559B2D1CB75A886CB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB69E8 Relevance: .1, Instructions: 112COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ae2782425321ace1af1b44d7bbf5e6813f32a4ae9a09ad761745862164f92e1d
                                                      • Instruction ID: 83f01832da5b68c2b3d9f5115affe7daeb65d95b71bf3b9857b6c57ce0644c29
                                                      • Opcode Fuzzy Hash: ae2782425321ace1af1b44d7bbf5e6813f32a4ae9a09ad761745862164f92e1d
                                                      • Instruction Fuzzy Hash: AF510832C10B5686CB11DF69C850181F3B1FF99320729CB6ADC9D3B206EB71B990CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEC9BA Relevance: .1, Instructions: 110COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1d8ce329f73ac70e1f7d54799e4f08e51b92780f58eb2ee665b48aee9287050a
                                                      • Instruction ID: 8e9bb7b87ef7cee0c4342136e95f986a689d586ed1a3676bdb46951a4c818fb3
                                                      • Opcode Fuzzy Hash: 1d8ce329f73ac70e1f7d54799e4f08e51b92780f58eb2ee665b48aee9287050a
                                                      • Instruction Fuzzy Hash: 52418C74E20218DFCB14DFA9D884AEDBBB1FB49345F10966AE806F3351E734A942CB10
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB6E90 Relevance: .1, Instructions: 110COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2a0af8dd4c9449194fb6f01ac54a99faf73a41b4c00a516a252fb353b7f91b7f
                                                      • Instruction ID: 26dada747d3000e1f0fe9dc88fd133694b1a37e1f17fe0cf41683778ba027032
                                                      • Opcode Fuzzy Hash: 2a0af8dd4c9449194fb6f01ac54a99faf73a41b4c00a516a252fb353b7f91b7f
                                                      • Instruction Fuzzy Hash: E74167B5D00219DFCB15DFAAC804ADEBBF5EF89250F10856AD45AA7310DB349905CFA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA531F1 Relevance: .1, Instructions: 110COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 496c91c4cb1d606af4441190b9af523ef11fcd9d8d1281485d91d24e35e71070
                                                      • Instruction ID: d52385f19068641c60a4032800190a38577dc9757eb8fcfa8524ae39c0f7f283
                                                      • Opcode Fuzzy Hash: 496c91c4cb1d606af4441190b9af523ef11fcd9d8d1281485d91d24e35e71070
                                                      • Instruction Fuzzy Hash: 8A415F307047508FCB169F39D9685AD7BF2AFC5611309815AE446CB7E1DF389C02CB56
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA540F0 Relevance: .1, Instructions: 109COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dd796fc11aa69e73b52bdadb4d3c5a4d6de2cd27386d48f1f527b119d87201d1
                                                      • Instruction ID: 74d969e8a0aa66245cbae5fefc0fedb65f6fe2f0bf87bc216fa616beb75cad44
                                                      • Opcode Fuzzy Hash: dd796fc11aa69e73b52bdadb4d3c5a4d6de2cd27386d48f1f527b119d87201d1
                                                      • Instruction Fuzzy Hash: B141AD707006209FD715AF38D85866D7BF6BF89211B108269F45ACB392DF38DC42CB95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5D818 Relevance: .1, Instructions: 107COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a42d57685d333f11be034ecfe0ce50ae5c4a436bd1b18875234fe418d864148e
                                                      • Instruction ID: e1de50a1654fe1bdd4149985e67b0f60ec470476b3a8250334c5a05cbb59d4e0
                                                      • Opcode Fuzzy Hash: a42d57685d333f11be034ecfe0ce50ae5c4a436bd1b18875234fe418d864148e
                                                      • Instruction Fuzzy Hash: E0410031D0074A8ECB51EFB8C484AEDB7B0FF45300F05866AD859A7161EB30E685CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5A554 Relevance: .1, Instructions: 104COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5a77b2d17fcd182f3b72f5a0cf4da6aca4fad0778e2d039bceccea4131c7374c
                                                      • Instruction ID: 56f902c2fa077ee4382d9a3dbe9ff3845389986ce235610386aca41827a56cd8
                                                      • Opcode Fuzzy Hash: 5a77b2d17fcd182f3b72f5a0cf4da6aca4fad0778e2d039bceccea4131c7374c
                                                      • Instruction Fuzzy Hash: 07415C303006008FD7659B38C848B9A77E6AF85725F15866AE55ACB2E1DF74A88ACF44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA54100 Relevance: .1, Instructions: 102COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1df6126bbfcfc6f9255ff97a31272ca5bbe926cbd84173924999ced9818e023b
                                                      • Instruction ID: 5094ba3e2d20ed1a0d9c8e85e81f2cacb913dca4bcbdf2401a99b5f8ae028032
                                                      • Opcode Fuzzy Hash: 1df6126bbfcfc6f9255ff97a31272ca5bbe926cbd84173924999ced9818e023b
                                                      • Instruction Fuzzy Hash: 84317A307006209FDB19AF38D85866D7BE6BF89211B10826DE45AC7391DF38D8428B95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA58360 Relevance: .1, Instructions: 101COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 20557133cbf4c38f25879c35e2ef6ba46d4cd9fc4cb1e3b53668eea7b9c951d2
                                                      • Instruction ID: 56eacaf381651db5ddbc77aab4274f4767ebfcaea57b6104d8ba5bb2d8ae6796
                                                      • Opcode Fuzzy Hash: 20557133cbf4c38f25879c35e2ef6ba46d4cd9fc4cb1e3b53668eea7b9c951d2
                                                      • Instruction Fuzzy Hash: 61310A34310600CFDB54DB39C844BAA73E6BF89B14F1684A9E94ACB3A1DF39E841DB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEB4D2 Relevance: .1, Instructions: 100COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e5a8b1fb5ae38228f1b10d702862a014f9a2bb0f166633fc0bd20fea1e6ef393
                                                      • Instruction ID: a8814ebf7afd70b8cc061d5080096edf565ce725bdc92bea7c725516cbfacc5c
                                                      • Opcode Fuzzy Hash: e5a8b1fb5ae38228f1b10d702862a014f9a2bb0f166633fc0bd20fea1e6ef393
                                                      • Instruction Fuzzy Hash: 6241AE71904259CFCB11EFA9C9405AEFBF5AF863A2F144A6BE096FB211D334E9008F50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5B4E8 Relevance: .1, Instructions: 98COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1f9b3c9cb662cf9d8e3c9e513ea4f0b6a3f3dee4f15309b9b2d8bd12dd7a5502
                                                      • Instruction ID: 407577eea78612b5219161d214db642866ad2497b1b13aec84e43582dd468269
                                                      • Opcode Fuzzy Hash: 1f9b3c9cb662cf9d8e3c9e513ea4f0b6a3f3dee4f15309b9b2d8bd12dd7a5502
                                                      • Instruction Fuzzy Hash: 43312A757002149FCB14DF68D884AAD7BB2BF89721F1142A9E9269B3F1D771DD01CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5B4F8 Relevance: .1, Instructions: 95COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e7ec2684b2976fecf28c1745b093bc676d38e08c092c2b97726267ea871ade43
                                                      • Instruction ID: 1c82334a90292807dbd06b6105c6b7f134fadf2328df830bf502c61472aff820
                                                      • Opcode Fuzzy Hash: e7ec2684b2976fecf28c1745b093bc676d38e08c092c2b97726267ea871ade43
                                                      • Instruction Fuzzy Hash: 0E3127757002149FCB18DF68D884AAD77B6FF88721B214269E9268B3F1DB71DC01CBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA58943 Relevance: .1, Instructions: 94COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 16abf1201c860269ff7f6fa60731f1367705cc45baf23734ea9dd2c671ce5167
                                                      • Instruction ID: 7bd695cd85a50627ee546da314b7268f395eea6d6dfc6c5e8dab906be4c6e23d
                                                      • Opcode Fuzzy Hash: 16abf1201c860269ff7f6fa60731f1367705cc45baf23734ea9dd2c671ce5167
                                                      • Instruction Fuzzy Hash: 863119343106008FDB54DB39C444FAA77F6AF89A14F1680A9E94ACB3A2DB39E841DB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DDC01C Relevance: .1, Instructions: 94COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3f8324b8ab0e2ff561bdf24d661cf3f4c9afde32f23de3c8266b095a5b2da27f
                                                      • Instruction ID: b4766c68ce1f37c64acb30683f897ebc0ea96a487f77b011bb72bd0f016d1e02
                                                      • Opcode Fuzzy Hash: 3f8324b8ab0e2ff561bdf24d661cf3f4c9afde32f23de3c8266b095a5b2da27f
                                                      • Instruction Fuzzy Hash: 1E21E1353007468BD7209B76A4E832A7BE7BFC42A6F150B2DD94787381DFB4D8068721
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DBB32C Relevance: .1, Instructions: 93COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8433eaa67d1bf0e9e1901a822c0e2e35283082aa4debce75c41dfcc5b6015d09
                                                      • Instruction ID: 166ff05829c65566dc87bb93496059074e546cb78635210ee82ffedb26eed29d
                                                      • Opcode Fuzzy Hash: 8433eaa67d1bf0e9e1901a822c0e2e35283082aa4debce75c41dfcc5b6015d09
                                                      • Instruction Fuzzy Hash: 6431A274900700DBDB04EF29D85479577B6FF88261F48CA7AD84A6B34AEF34A844CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA51D09 Relevance: .1, Instructions: 92COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9eb6bdd80d16aae8edf21ba59ff360112138bbdf504658ca6aca9b28073587de
                                                      • Instruction ID: 2676d345db45f27f910a264123ade03d2096e0f0fb5047a60395b87700dde1ff
                                                      • Opcode Fuzzy Hash: 9eb6bdd80d16aae8edf21ba59ff360112138bbdf504658ca6aca9b28073587de
                                                      • Instruction Fuzzy Hash: C6312A75A006008FC705DF69C5849D9BBF1FF89720B1985AAE8059B3A2CB35EC45CF65
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB695C Relevance: .1, Instructions: 90COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e541bb0754895ff0f9a1d523f082e7a6005e9101ac41048331278cb3c7fbc620
                                                      • Instruction ID: c6966685a6c2cf78eab9d917e99f6d5537f5a6f70fee1f9670792899bea804ac
                                                      • Opcode Fuzzy Hash: e541bb0754895ff0f9a1d523f082e7a6005e9101ac41048331278cb3c7fbc620
                                                      • Instruction Fuzzy Hash: 4A317A34A14245CFCB44DFB9C854AEABBF5EF85381F1046A9E806DB361EB70D804DB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB6D78 Relevance: .1, Instructions: 90COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7b4f3e4002cea1bb650d162c7f2c5ed15ef5768ccf2bbad764f659b965f9d47a
                                                      • Instruction ID: 2630dce96d90caaefa026c8eb6c6c3f878195b0a018460e81024b90eacfadbef
                                                      • Opcode Fuzzy Hash: 7b4f3e4002cea1bb650d162c7f2c5ed15ef5768ccf2bbad764f659b965f9d47a
                                                      • Instruction Fuzzy Hash: FC318E31704200DFDB54DB69E880BAB77EAFBD8251B14867DE51ACB325DB30EC468B61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DDE840 Relevance: .1, Instructions: 90COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2d2377c6c63cc760acb0b533f531e9bb8838af413add3fbc0ace4fa9cb903439
                                                      • Instruction ID: 88958640cf7da6070dcd8b4d71ac2528de08a0651048db4a113737c18ead0a1b
                                                      • Opcode Fuzzy Hash: 2d2377c6c63cc760acb0b533f531e9bb8838af413add3fbc0ace4fa9cb903439
                                                      • Instruction Fuzzy Hash: 8D3102303007009BCB15EB39D810A9E7BE2FFC5A20704CA6DE0468B395DF66AD0687D6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB8987 Relevance: .1, Instructions: 86COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 70e1b72d5c50e7589e6cfb5aac178a3310c120bb67dae64cb1f58b972abaf4d6
                                                      • Instruction ID: eeb9a419240ed1423ed2b9a0720c354635fe987a472a77325fe7086647e3f5ca
                                                      • Opcode Fuzzy Hash: 70e1b72d5c50e7589e6cfb5aac178a3310c120bb67dae64cb1f58b972abaf4d6
                                                      • Instruction Fuzzy Hash: 19317834A10205CFCB44DFA9C854AAABBF9FF44381F1085A9E846DB364EB70DC40CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5F920 Relevance: .1, Instructions: 85COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7b162ee69538f46ac54785b0b943ca468b33f68a11be2dba93e4ea8e11790244
                                                      • Instruction ID: ede2d078d6de7a807819d8fde67d10182a293b603ef683ece94b3e8c8bb379dc
                                                      • Opcode Fuzzy Hash: 7b162ee69538f46ac54785b0b943ca468b33f68a11be2dba93e4ea8e11790244
                                                      • Instruction Fuzzy Hash: D6215B31B052159FC714ABBD98956EEB7DADFCA12032184BBE90ACB392DE31CC014795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA59CF0 Relevance: .1, Instructions: 84COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f97790719df2083ea0c19406251cfaaaf9dd321bd1e1e8d615adc9746fd133ba
                                                      • Instruction ID: 839c540615c7ce5c6f457f0a9cc6cc5d8f1f09e5b720628d47bf11ac0113156c
                                                      • Opcode Fuzzy Hash: f97790719df2083ea0c19406251cfaaaf9dd321bd1e1e8d615adc9746fd133ba
                                                      • Instruction Fuzzy Hash: 36312D303006009FD764DB38C88CB9673E5BF84765F518669E95A8B2E1DF70E88ACF44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5C277 Relevance: .1, Instructions: 84COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 49651553f325be3268b09954b26607fb262a00ab4061d1ccde04bfcfdad11589
                                                      • Instruction ID: 9aeb002dc6e6b6b70dd1a4954eb544101016acdb6bffd0789bc5ad127a866d61
                                                      • Opcode Fuzzy Hash: 49651553f325be3268b09954b26607fb262a00ab4061d1ccde04bfcfdad11589
                                                      • Instruction Fuzzy Hash: 7131F230204349CFCB31EF35D4508EBBBB5AF8222071446AEEC528A2D5DB36D846CB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA554C8 Relevance: .1, Instructions: 83COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8f929d9dcbf2395cdd06774e5a8d7d33f3807669bb855ff49a508d33e7e8c9e1
                                                      • Instruction ID: 86d6d79553e91116b5fe6cdbd9e8b243d825119198d99ad1834b84f705345407
                                                      • Opcode Fuzzy Hash: 8f929d9dcbf2395cdd06774e5a8d7d33f3807669bb855ff49a508d33e7e8c9e1
                                                      • Instruction Fuzzy Hash: 23212130B506028FDB58DB79D8446A977F7AFC5921715806DF806CB2E1DF35DC028B59
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB5ED0 Relevance: .1, Instructions: 82COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 340355dbc891aa361baa29d2307801419350726fb638ff44f56bd4e766a32e02
                                                      • Instruction ID: d2415553a876b60a4d54ee6d527d956d6f044b3646df2aa858cf31ee1883f517
                                                      • Opcode Fuzzy Hash: 340355dbc891aa361baa29d2307801419350726fb638ff44f56bd4e766a32e02
                                                      • Instruction Fuzzy Hash: 7B31B235900746CBCB119F6AD840691B771FF86320F25C7B9D8AE6B292EB31A581CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB7FD8 Relevance: .1, Instructions: 80COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0bd4d6c1cfef0d18ff606dc953aeeda724e771ad780c517f2d54286cff840d14
                                                      • Instruction ID: 69548507ebf6bef39f4687525cdbc9eabc0d33ee91a3f8a28f1d20212a38f90f
                                                      • Opcode Fuzzy Hash: 0bd4d6c1cfef0d18ff606dc953aeeda724e771ad780c517f2d54286cff840d14
                                                      • Instruction Fuzzy Hash: 0C21AD74A00205CFC715DFA8C490ADDBBF5EF89791B2441BAD40AEB321CB369D41CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEBE9C Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 73fa8c65c3068f0939b1d41cd52ed302c879cc017d2da4ac53a0af842fe5ac89
                                                      • Instruction ID: 26ef46e939e121df8113456f846bde4b9e969c846a3efc84475845575d4aaf5d
                                                      • Opcode Fuzzy Hash: 73fa8c65c3068f0939b1d41cd52ed302c879cc017d2da4ac53a0af842fe5ac89
                                                      • Instruction Fuzzy Hash: E021BA74D04249DFCB00EFA9D4848EDBBB4EB096A2F50562AE9A6F7311D730A941CF64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA58EF5 Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a67235fe90b96d7783212e4b871939af645ec9735f147bbc85c9d6fbadff8ddb
                                                      • Instruction ID: 8c909af78b17440365642820bf6b13b94c91ff96cc9841544ff711580e3392f0
                                                      • Opcode Fuzzy Hash: a67235fe90b96d7783212e4b871939af645ec9735f147bbc85c9d6fbadff8ddb
                                                      • Instruction Fuzzy Hash: D8311834A002098FCB54DFA4C544AEDB7F2AF8C311F148068E801AB3A5DB39ED46CF64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5ECB0 Relevance: .1, Instructions: 79COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d924cf1f9f8529c7aa3ac32f1dbe21d3876cd34f4091520837d086892d97eeb9
                                                      • Instruction ID: 05ed7aa758504f00bedddbb17b3ba4122b8f3c0c384ae1eebff7bf52c0516d4b
                                                      • Opcode Fuzzy Hash: d924cf1f9f8529c7aa3ac32f1dbe21d3876cd34f4091520837d086892d97eeb9
                                                      • Instruction Fuzzy Hash: 8431ED31C14B4A8ECB01EFB8C4545E9FBB0FF55200F45C6AAD8987B122EB70A6C5CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB5B10 Relevance: .1, Instructions: 77COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9fada27366178f0bcaf92a2ea0cb4fbc85625569d8272e736a9e63cdd58d59e6
                                                      • Instruction ID: 81f092f6794d40b1bf9b9fa19288e4ada8d01d0a83b25922488c9a86cfe9039c
                                                      • Opcode Fuzzy Hash: 9fada27366178f0bcaf92a2ea0cb4fbc85625569d8272e736a9e63cdd58d59e6
                                                      • Instruction Fuzzy Hash: 1F11B4363046008FD7195A28B860BEB77A7EBC5692F19866AE5478F3C1DA24D84243A8
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD7069 Relevance: .1, Instructions: 77COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 05e084f5fd2eefe178f8b3d6c2468112585390c91394b76a2c82b15713c57272
                                                      • Instruction ID: 57a8b39cae8d9e94991b45ae8b9a64c89f08438767df082f4b7ea3146790cb93
                                                      • Opcode Fuzzy Hash: 05e084f5fd2eefe178f8b3d6c2468112585390c91394b76a2c82b15713c57272
                                                      • Instruction Fuzzy Hash: 83217C34B00605CFCB04EF69D449AAEBBF6EF89601F04529AE409DB371DB709D85CB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DECA05 Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d359f445898c785195d4d36bf387f35401f711582c91ca5a6ab462482d7d8e5e
                                                      • Instruction ID: f44722c8ff38fdcc7b161464827dde2c508bc652e08a1b85c3370a89ce63b968
                                                      • Opcode Fuzzy Hash: d359f445898c785195d4d36bf387f35401f711582c91ca5a6ab462482d7d8e5e
                                                      • Instruction Fuzzy Hash: B531F534A14118CFCB50DFA8C984AEDBBB1FF49345F2096AAE805B7345D7359A42DF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA554B8 Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6f255b33fb7b47aad575440e05d6e3c25bd8211cf69a01ae78407dc86bb12604
                                                      • Instruction ID: 266e771b7b7b5defddea059d67c50c07cf5d0b20816f6c9c3a0f99734739bfe8
                                                      • Opcode Fuzzy Hash: 6f255b33fb7b47aad575440e05d6e3c25bd8211cf69a01ae78407dc86bb12604
                                                      • Instruction Fuzzy Hash: 15216230B54212CFDB259B39D8086A977F7AF8562271540AEF806CB2F1DB36CC02CB19
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 009DD3D8 Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1547458902.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9dd000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c206ffa5ecb2a39b8340fc441a81adbb8840e4c4bb350790ed563d9873f76673
                                                      • Instruction ID: e3d7cdb9b2c2401a82a39cbd5f6304fcc9c17070f20cee514ebf59651c2f2fc5
                                                      • Opcode Fuzzy Hash: c206ffa5ecb2a39b8340fc441a81adbb8840e4c4bb350790ed563d9873f76673
                                                      • Instruction Fuzzy Hash: CF213D71545304DFDB14DF10D9C0B26BBA9FB94314F20C56EE8090B3A6C33AE856C7A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD3161 Relevance: .1, Instructions: 75COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5587c1392c25bc031afd0b2db94f71ad0dfa3ce99387c1a079910327948ad417
                                                      • Instruction ID: c0d78e63154f660307ec0f73fbbc2bcff84b751158582bee5b92b3d77644e338
                                                      • Opcode Fuzzy Hash: 5587c1392c25bc031afd0b2db94f71ad0dfa3ce99387c1a079910327948ad417
                                                      • Instruction Fuzzy Hash: BD213835A093858BCB02A778D8448EDFF74EFC3361F18479ED4909B292DB354806D7A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEB1D0 Relevance: .1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 75d52322bb5090134228a8fe55a1ee01270c29b2c47b1d6c79b0fad5ebefbd0e
                                                      • Instruction ID: 8b33706c0a60fa95b1827871db1a58229b8a8df7bb58286c48535b835a839bcc
                                                      • Opcode Fuzzy Hash: 75d52322bb5090134228a8fe55a1ee01270c29b2c47b1d6c79b0fad5ebefbd0e
                                                      • Instruction Fuzzy Hash: 4021A471A14169CFDB14AFA8C80066FB7B5EF856B2F414327F996FB241D230EA408791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB9480 Relevance: .1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 71f27075d71ab185da95ce101f9596cb514bf3b1bfa173e8be13cafc3f8f000d
                                                      • Instruction ID: 3e2fecacb8f1c78ce14216b2ee0e69031bdb3544009ed376141ab3dc9806a3a9
                                                      • Opcode Fuzzy Hash: 71f27075d71ab185da95ce101f9596cb514bf3b1bfa173e8be13cafc3f8f000d
                                                      • Instruction Fuzzy Hash: 2921D231A007408BDB01AF29D8946D5BBB1EF96304F09C5BDD84A6F317DB75A484C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA583A4 Relevance: .1, Instructions: 74COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e4cd09cae54dab27892825e3d1e0dc9deada5a98076f2253f9b25aa5c2c78310
                                                      • Instruction ID: 0e368d20f957b2a78eb4094b80eebda31dbccb6c20c0c9bcbf52d74b6f8d2761
                                                      • Opcode Fuzzy Hash: e4cd09cae54dab27892825e3d1e0dc9deada5a98076f2253f9b25aa5c2c78310
                                                      • Instruction Fuzzy Hash: F63118302006018FC764DB38C848BAA73E5FF89721F158569E45ECB3A1DF75A88ACB44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA58AE0 Relevance: .1, Instructions: 73COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3123da01d471c016732bf178b80e12cc317847206435ab34a44433f2302306ae
                                                      • Instruction ID: 9fb1cdb56b90d971117031757b22d0b8e70b3dad11b48b450d50c0a009f61c54
                                                      • Opcode Fuzzy Hash: 3123da01d471c016732bf178b80e12cc317847206435ab34a44433f2302306ae
                                                      • Instruction Fuzzy Hash: 3E3107302006008FC764DB28C848BAA77E5BF89711F1584A9E04ACB2A1DF75A84A8B40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 009ED01C Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1547524049.00000000009ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 009ED000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9ed000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3496ed0765bb88a7e19b22bcb9bfe1e9c8e0ec3e20458250d459e55585f96fa1
                                                      • Instruction ID: 65367a35da7246f092415ba118beaee175ae954105912aa8851f3d70005a699f
                                                      • Opcode Fuzzy Hash: 3496ed0765bb88a7e19b22bcb9bfe1e9c8e0ec3e20458250d459e55585f96fa1
                                                      • Instruction Fuzzy Hash: 1621F571505380DFDB15DF10D5C4B26BBA5FB84315F28C969E8494B246C33ADC47CA61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 009ED1D4 Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1547524049.00000000009ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 009ED000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9ed000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fa1ab9454e2c805d17fc2041e53abeaf357b41df72b7568875c270105e43ad35
                                                      • Instruction ID: 80c6f21fca7f0483908c7e45510e7443f760383ca58496eaa3d06bf51cd76f76
                                                      • Opcode Fuzzy Hash: fa1ab9454e2c805d17fc2041e53abeaf357b41df72b7568875c270105e43ad35
                                                      • Instruction Fuzzy Hash: 2F21F575505280EFDB06DF11D5C0B25BBA5FB84314F20C96DE9594B392C33ADC46CA61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD4818 Relevance: .1, Instructions: 72COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5bc9c35a6550eb6f51d7a560df846c3fb0b98cba681eafc0c05ad330b97e640e
                                                      • Instruction ID: a830854a54e4dad8ad14739df94211a4ad73f6a6558e96aa67d41f50283ec93c
                                                      • Opcode Fuzzy Hash: 5bc9c35a6550eb6f51d7a560df846c3fb0b98cba681eafc0c05ad330b97e640e
                                                      • Instruction Fuzzy Hash: 1E119335B006118FCB15DB7AE8548AEBFE6EFC935130586ADE405DB361CE70DC018B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEB1C0 Relevance: .1, Instructions: 71COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a93044aa315864c97fa178047f0c7bd8db0b1222a13ff744466aefb146696fb3
                                                      • Instruction ID: 04e2bc1967e483a91f38abfc5a354640d708ed45788cf5d57d6f3fda4d6eeed0
                                                      • Opcode Fuzzy Hash: a93044aa315864c97fa178047f0c7bd8db0b1222a13ff744466aefb146696fb3
                                                      • Instruction Fuzzy Hash: F121A171A14169CFDB14AFA8D8405AFBBB0EF852B2F41432BF896F7241D230EA41C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB69F8 Relevance: .1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 22c23c4eb7086169d882259b04b35d11eca30e156915e4e93f51b9eb160cfc9e
                                                      • Instruction ID: 938f14d4ec98904c8c95c562d40f21b7e89ea0a5b63c42619b5a0b27bf2d510d
                                                      • Opcode Fuzzy Hash: 22c23c4eb7086169d882259b04b35d11eca30e156915e4e93f51b9eb160cfc9e
                                                      • Instruction Fuzzy Hash: 3421BF31A007409BDB00EF29D8947D5B7A1EF86318F08C5BDE84A2F216EB75A484C791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DBAA29 Relevance: .1, Instructions: 70COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 91bd044dc3c1db7ea9a2a624b34a92019ad65cb20cf5f4ce82748e389f547a6f
                                                      • Instruction ID: c4b40a42c87b0fe2eb8f811f73587afee2cbdaf358823dafd6bbec92b4eeae58
                                                      • Opcode Fuzzy Hash: 91bd044dc3c1db7ea9a2a624b34a92019ad65cb20cf5f4ce82748e389f547a6f
                                                      • Instruction Fuzzy Hash: FB21D671900209DFDF04EBA4D851AEEBBB1FFC0701F408969D0016B355EF345A09CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB6D68 Relevance: .1, Instructions: 68COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 800160b1ca93cd116849a5657beb67e7cc327804698e955b0374508ffdba7999
                                                      • Instruction ID: 513583fa38848aaa625860922f35b69936b2eb7bc63a59c81abfb074df5eea44
                                                      • Opcode Fuzzy Hash: 800160b1ca93cd116849a5657beb67e7cc327804698e955b0374508ffdba7999
                                                      • Instruction Fuzzy Hash: D6219375704201DFEB44DB69E890BAB3BE6EBC4311F10897DD5098B31ADB309C468761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE0040 Relevance: .1, Instructions: 67COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 3c40ee443911d343a78693f05fdf5af53dc3dd230ff0136317550b5fc54d0967
                                                      • Instruction ID: 8d470422dbfcc0ea9ca42c59d7795fce7c733451037c7329cfaf0a6fe4ad72ca
                                                      • Opcode Fuzzy Hash: 3c40ee443911d343a78693f05fdf5af53dc3dd230ff0136317550b5fc54d0967
                                                      • Instruction Fuzzy Hash: 80218935B00A16CFCB04DF69D884DAAB7F5FF88651B1142AAE905D7361EB71EC01CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE53C0 Relevance: .1, Instructions: 64COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 538dbd373a6ea396d0a77b971434b0929aa8dc3a4008c2ebc9470890cde9d430
                                                      • Instruction ID: 39ad9c68a4e76707d6eb770598c37ce0099bc5db838a05eee738f1a29047fee6
                                                      • Opcode Fuzzy Hash: 538dbd373a6ea396d0a77b971434b0929aa8dc3a4008c2ebc9470890cde9d430
                                                      • Instruction Fuzzy Hash: 6211A379A003159B8B11EA79A8405BFBBB7EBC41E2715862DE468D7340EE70990583A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5D211 Relevance: .1, Instructions: 63COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4aae71573b1644841459649bd70b4cff557db73cbce54b9ba43a12cbc5c7dc60
                                                      • Instruction ID: 0969356cf4e199e91d1b7fb6f1320adff847315b91a4441cab0ef28d16a7b45a
                                                      • Opcode Fuzzy Hash: 4aae71573b1644841459649bd70b4cff557db73cbce54b9ba43a12cbc5c7dc60
                                                      • Instruction Fuzzy Hash: C411A03531C2800FDB46E73898609AD2FE29FC665031E41EBD485CB3B3CA688C058396
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 009ED006 Relevance: .1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1547524049.00000000009ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 009ED000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9ed000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7b1ae360b28fbaaa18324f02bef6666c3fb5cdd23659938f2bcfd50abbb544d6
                                                      • Instruction ID: b9997d5d41bb81029408a96e8f45d3b870285cb3fbbc0074f08afedad64b5890
                                                      • Opcode Fuzzy Hash: 7b1ae360b28fbaaa18324f02bef6666c3fb5cdd23659938f2bcfd50abbb544d6
                                                      • Instruction Fuzzy Hash: 55215B755093C08FCB13CF24D994B15BF71EB46314F28C5EAD8498B6A7C33A984ACB62
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA530CC Relevance: .1, Instructions: 62COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0884865e113738ee2b91d509b27d1fac5d88d2ce45c7fe9c9fa353ba1b40288e
                                                      • Instruction ID: b33df4f051f25f3dd026ac083ac6bbc61c8db1c51c63061261489dfccd76bb3a
                                                      • Opcode Fuzzy Hash: 0884865e113738ee2b91d509b27d1fac5d88d2ce45c7fe9c9fa353ba1b40288e
                                                      • Instruction Fuzzy Hash: 0D111231700200CFCB55DF39D8A99A87BF2AF88255B6680A9E4069F6B2DB31EC41CB54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA58898 Relevance: .1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b9705398330f8e19a7cc6cab658b3f2890ea208120927da017f442297120484f
                                                      • Instruction ID: 1bebce34770f7da6fc6b2b501aade9b227afdbe01d57072f922e773e2b121065
                                                      • Opcode Fuzzy Hash: b9705398330f8e19a7cc6cab658b3f2890ea208120927da017f442297120484f
                                                      • Instruction Fuzzy Hash: 4211DA31700604CFC728AF38C9548AAB7B6EF8A21131009AEE44ADF3B1EA35DC81CB15
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD2821 Relevance: .1, Instructions: 61COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 708ded1019ed0987045de9f0164aa86cbbab9224870d8302479c8db49430e159
                                                      • Instruction ID: ccbe59e3ffa13ca3ca22730705fa6c1295f0fb1543cf43891d436e6b0eb6b04f
                                                      • Opcode Fuzzy Hash: 708ded1019ed0987045de9f0164aa86cbbab9224870d8302479c8db49430e159
                                                      • Instruction Fuzzy Hash: C1116071A0020AAFDB00CF94D8818EFBBBAFB89351F108519E904A7240D771AE45CBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEBB70 Relevance: .1, Instructions: 60COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 660d248e0359fe10030927671c36dd944b574248407e91748574411b4a06f14d
                                                      • Instruction ID: 0f580ebf3b0c5b4c8c51c867459e0a10306b75695c3fad5eef14da158ac11d83
                                                      • Opcode Fuzzy Hash: 660d248e0359fe10030927671c36dd944b574248407e91748574411b4a06f14d
                                                      • Instruction Fuzzy Hash: D7215E74A00908DFD704DF5AE684D99BBF1FF88310B6281D9D4489B366D731EE64EB04
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DBB30C Relevance: .1, Instructions: 59COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 44e8fcc3d033e90c3c017b041be3e499da2ea7b6f5f4f1edeb3181bb93576251
                                                      • Instruction ID: fc911767f5d56bbc912722121029b17d4810ba599779bdc807d02d8153e36a67
                                                      • Opcode Fuzzy Hash: 44e8fcc3d033e90c3c017b041be3e499da2ea7b6f5f4f1edeb3181bb93576251
                                                      • Instruction Fuzzy Hash: 02216034500705CFC754AB34D450AEEB3B6EFC5265F44896ED05A1B360DF75A485CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE52F0 Relevance: .1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e0803204fb9c1171b00991f0f201a97356ae2040828781ef2bc11ec5c718c1e4
                                                      • Instruction ID: 24027a088c1c0e2244effcc75d6f4ebd264756ec157d6bf065b69d90a26ed778
                                                      • Opcode Fuzzy Hash: e0803204fb9c1171b00991f0f201a97356ae2040828781ef2bc11ec5c718c1e4
                                                      • Instruction Fuzzy Hash: A1115E31B002198BCB54FBB8A9106EFBAF6BFC4755B60416DD504EB341EB728D01DBA0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DBAA38 Relevance: .1, Instructions: 58COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cf1edcdb0ac4a2133fd781950546e72edb659a9d3f7ed6f0c20fa7b82f0722fc
                                                      • Instruction ID: 4d7beb1fbffcff75cc8fa9f12dccae5f27dadfef0c8129d388aa0cca7c373407
                                                      • Opcode Fuzzy Hash: cf1edcdb0ac4a2133fd781950546e72edb659a9d3f7ed6f0c20fa7b82f0722fc
                                                      • Instruction Fuzzy Hash: 51116371A0020A9FDF04EBB5E851AEEBBB5EFC4700F008969D1016B255EF305A08CBA2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DECC0D Relevance: .1, Instructions: 57COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bf117ea5021af94723bf9c967583c0619516488d72c6f148dcae9ed9460aed0e
                                                      • Instruction ID: 3caba3c2915dea107c239babaa3926e84f78f023aa097cf2e1264e9a0238f5d2
                                                      • Opcode Fuzzy Hash: bf117ea5021af94723bf9c967583c0619516488d72c6f148dcae9ed9460aed0e
                                                      • Instruction Fuzzy Hash: 86F0B43015D648CFD705AF74C55A6983B74EF03220F1402E9ED494B5A3C7324A51FB65
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEBDA9 Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c54b76b45d87a8321a9ce0393a60b8548740e0da6d3f2f9e5e296483f4c62199
                                                      • Instruction ID: 8b23ffa4f505a4c058cc259b09955b65145cea199a1776e6df0bf92ccae99292
                                                      • Opcode Fuzzy Hash: c54b76b45d87a8321a9ce0393a60b8548740e0da6d3f2f9e5e296483f4c62199
                                                      • Instruction Fuzzy Hash: 21115A74E04208EFCB00DF95D4809EDBBB1EF8A362F10466AE852B7722C330A940CF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB5EE0 Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d31179af9af5310da75cc28941e2b403b3c2ec74ce9c5d8d095dd834cc176e6b
                                                      • Instruction ID: 596a2298b510344016208e15956e7afa3020be118a818c68d55b995a03c6462d
                                                      • Opcode Fuzzy Hash: d31179af9af5310da75cc28941e2b403b3c2ec74ce9c5d8d095dd834cc176e6b
                                                      • Instruction Fuzzy Hash: 3B215135910B0687CB10AF6AC850681B371FF99320B15C779DD6D3B795EB71B990CB90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 009DD3D3 Relevance: .1, Instructions: 56COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1547458902.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9dd000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 01a772179decf110bb882872cb952e1b13b119dd61991aef1ad72797cf3e64a4
                                                      • Instruction ID: 0d3d66242359245aa65cffaa354bd06e25e9055af34d74fb75ede3be2d0d309e
                                                      • Opcode Fuzzy Hash: 01a772179decf110bb882872cb952e1b13b119dd61991aef1ad72797cf3e64a4
                                                      • Instruction Fuzzy Hash: A811E676545240DFDB15CF10D5C4B16BF72FB94324F24C6AAD8090B766C33AE85ACBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 009ED1CF Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1547524049.00000000009ED000.00000040.00000800.00020000.00000000.sdmp, Offset: 009ED000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9ed000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fb11cfc8073ccb158cd0f42583cdb3ded50e3effa001a3c93aefd0de24dc37f6
                                                      • Instruction ID: 2215a3ac1ad5739ca49134b1e253f940117d6485c99345849196681afe7c2e7f
                                                      • Opcode Fuzzy Hash: fb11cfc8073ccb158cd0f42583cdb3ded50e3effa001a3c93aefd0de24dc37f6
                                                      • Instruction Fuzzy Hash: A2118B75504280DFDB16CF10D5C4B15BBA1FB84318F24C6A9D9494B796C33AD84ACB61
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE2751 Relevance: .1, Instructions: 53COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 02efdd094c8ca5b6671ed23b535d50045e78dc409369a686ad7aa9114bb74af7
                                                      • Instruction ID: 0b2b182cd006e7cf708b525c12758a1e122ec8a215325e965ea6379b37fb6ec8
                                                      • Opcode Fuzzy Hash: 02efdd094c8ca5b6671ed23b535d50045e78dc409369a686ad7aa9114bb74af7
                                                      • Instruction Fuzzy Hash: A81109753006108FC719AF39D85895577BAEF8A76631506EDF016CB3B1CB21D845CB60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE0590 Relevance: .1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0923053a056bde74f86f571b2369f527d72bc38141748a5c4dfe0d7ece9a6ace
                                                      • Instruction ID: bc34df76a3283de567f2ca0efb6d0cf7efcee34e677481b480fa9898327c48e1
                                                      • Opcode Fuzzy Hash: 0923053a056bde74f86f571b2369f527d72bc38141748a5c4dfe0d7ece9a6ace
                                                      • Instruction Fuzzy Hash: 38016D35B4063987DB287A76581477E368BBBC4BA2F18821DF906D7385DEA0CC0297D5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB7FC7 Relevance: .1, Instructions: 52COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fca5826c99fd9618915c25a30352f11c3682639f30bf18806c85c2f0815a320f
                                                      • Instruction ID: 5317644fdab4582e449cad3423a55eaac4ede2a1564a0c305b2ee014bd595cd6
                                                      • Opcode Fuzzy Hash: fca5826c99fd9618915c25a30352f11c3682639f30bf18806c85c2f0815a320f
                                                      • Instruction Fuzzy Hash: 27113370A00206CFDB14DFA8C480ADEBBF8EB48781F2441A9D40AA7320D772DD42DBA5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE12EC Relevance: .1, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2512c8dd0ae0562a9609a31d7bed37603697775d7d552501b6c050632671bd80
                                                      • Instruction ID: 4b4bbcebcdfc96a05b16d2f2ebbabfdb09dcd2c90b32c05bf060a06acc3e4083
                                                      • Opcode Fuzzy Hash: 2512c8dd0ae0562a9609a31d7bed37603697775d7d552501b6c050632671bd80
                                                      • Instruction Fuzzy Hash: E601D7793006108FC724EF39D89881973B6EF893663150AADF51ACB371DA21EC45CA60
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEBDF9 Relevance: .1, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5d96aa0a2d0b5bbca43eafced0689ba06e077916381bc4d96293a86dbbcdbcee
                                                      • Instruction ID: 7290ca1f5adaef379845344ae21dd038c25910f4f4b55f32286d8143df5e8d0d
                                                      • Opcode Fuzzy Hash: 5d96aa0a2d0b5bbca43eafced0689ba06e077916381bc4d96293a86dbbcdbcee
                                                      • Instruction Fuzzy Hash: 72119374D08249DFCB00EFA8C5845FDBBB4FB096A2F10562AE996B7301D730A940CF54
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB5BD9 Relevance: .1, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f81aadd31f87ebbc27c7593d1d1ae3867d730f561e79176055d84e6cdbef375
                                                      • Instruction ID: 62f6403615232b47c0dfb64f07c97b8563269033863f153731e26b737d7eb9c0
                                                      • Opcode Fuzzy Hash: 2f81aadd31f87ebbc27c7593d1d1ae3867d730f561e79176055d84e6cdbef375
                                                      • Instruction Fuzzy Hash: E511A1303443109BEB54A638D4157DA66D6AFD4725F10C66DE09A8B3C2CEFA984A87A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB37A0 Relevance: .1, Instructions: 51COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ec13f6dd2539bc721d3913f1bca4c89afbbbbd54a793d7d56d70b8439cf95770
                                                      • Instruction ID: 191a89c322946119e4bb27842a0a08593e617c2b3e96e1d8eddb543f16c1bc6d
                                                      • Opcode Fuzzy Hash: ec13f6dd2539bc721d3913f1bca4c89afbbbbd54a793d7d56d70b8439cf95770
                                                      • Instruction Fuzzy Hash: EC11D6303443109BEB44A628D4157DA72C6EBC4B25F10C92DE19A8B3C2CEFA994947F2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE26D0 Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 267635aaea81de34c1aed5aaf044e56bdffa8fc61ee023bc63a45f34a388a392
                                                      • Instruction ID: e9332b108df604be274fa7eac390ffffb262c3d022bc680caaf92493be58a1bc
                                                      • Opcode Fuzzy Hash: 267635aaea81de34c1aed5aaf044e56bdffa8fc61ee023bc63a45f34a388a392
                                                      • Instruction Fuzzy Hash: 0911CC752007108FC319EF39D85885577B6EF4936631506ADE456CB7B2CA31DC85CB50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5D240 Relevance: .0, Instructions: 50COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e6e2018b9cdd2e7bf9ed010a128709fa8e4d3a42bf69548dc65a41633db6209a
                                                      • Instruction ID: ceeeafb1a6f416b382b9561ce42e323f2b4a3bdd427c7a86b6b042844290677e
                                                      • Opcode Fuzzy Hash: e6e2018b9cdd2e7bf9ed010a128709fa8e4d3a42bf69548dc65a41633db6209a
                                                      • Instruction Fuzzy Hash: 8601A7353102004F9745E7788454ABE33E7DFC99513594069E905CB3E4DF74DC428796
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5C24F Relevance: .0, Instructions: 49COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ee183d484b001df5eb9417b81fe52812f2049f0d18a5603abf6fb80fb0d4b4ac
                                                      • Instruction ID: 616a947625a78132e62c1d3ad202c95315711667362fa74aac0c04264bfbb533
                                                      • Opcode Fuzzy Hash: ee183d484b001df5eb9417b81fe52812f2049f0d18a5603abf6fb80fb0d4b4ac
                                                      • Instruction Fuzzy Hash: CD0128312093919FCB129F70E8509EBBF75EF8736071952AEEC854A1D3C7368996C740
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE9231 Relevance: .0, Instructions: 48COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a567f27e4c29b851cb3ad2f125b3394f6e90909d4f9302d4d95b87ab53bccb74
                                                      • Instruction ID: 77434bce42bb956a9d3c46e3229f8a60c8b7cc8641c1a0a6eaaf68a63add1586
                                                      • Opcode Fuzzy Hash: a567f27e4c29b851cb3ad2f125b3394f6e90909d4f9302d4d95b87ab53bccb74
                                                      • Instruction Fuzzy Hash: E001F534F44244EFDB04ABB494157AD7FF2EBC6352F1086AAE606E7383D63489419B92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA58888 Relevance: .0, Instructions: 48COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 062dc4b80c67497ecf30711f6591efef745ecfa7b76c51fcd73217de549513d9
                                                      • Instruction ID: 8cf982a3769ae238fb5122369523d63490f2d12b5adb771b7ed40d6f001d62e9
                                                      • Opcode Fuzzy Hash: 062dc4b80c67497ecf30711f6591efef745ecfa7b76c51fcd73217de549513d9
                                                      • Instruction Fuzzy Hash: 1C01B132300610DFC7289F39D5449A9BBF5FF8925171505A9F4459B3B1DB39D840DB29
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD3180 Relevance: .0, Instructions: 48COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6ffbe1993e112af0a69df47d1bbb377469d297f645a9c1451ddab7c4afedab47
                                                      • Instruction ID: 0a724cb4c8fbf2bdcd9ec7bd04852fed1ffb221533a0a6acb6d69d5a406c40e5
                                                      • Opcode Fuzzy Hash: 6ffbe1993e112af0a69df47d1bbb377469d297f645a9c1451ddab7c4afedab47
                                                      • Instruction Fuzzy Hash: 49012835B093448BCB06EB64D8448EEFFB9EFC6310F14829ED4555B211DB745902D7A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE0918 Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4fcc49d6b4e6c174418cd722ebba473cd2efb50598c46e17516ac244f36269d3
                                                      • Instruction ID: e0ed2ac146d5775d7163b3704c677b7d72046cb4c6d738eedc71c1f7312ec435
                                                      • Opcode Fuzzy Hash: 4fcc49d6b4e6c174418cd722ebba473cd2efb50598c46e17516ac244f36269d3
                                                      • Instruction Fuzzy Hash: A0012B303007049FEB25AA69D850B66B3D5BFC1672F98C62EE44987650CBF0DC42C750
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE3A70 Relevance: .0, Instructions: 46COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e3ecd620a4191470e8829a18113b45f1a0205362231aa4a9d41afa1deede1f0d
                                                      • Instruction ID: 7ff4bfd15c54a4402879ccbbb6853ed8c0f4904ed991790f8723e7097a797841
                                                      • Opcode Fuzzy Hash: e3ecd620a4191470e8829a18113b45f1a0205362231aa4a9d41afa1deede1f0d
                                                      • Instruction Fuzzy Hash: D20149323083845BDB39A77AA84477FBBC6FBC0269F04466DE14A87740DFA4D8058391
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE2F90 Relevance: .0, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1bf894a925541bc4594187bc33e873057085a8248f70e17f707c67b46e7ce685
                                                      • Instruction ID: 6882dee7e31947d332705507aa60f242c4ddfb099aeb2ba2219b72d4616e6511
                                                      • Opcode Fuzzy Hash: 1bf894a925541bc4594187bc33e873057085a8248f70e17f707c67b46e7ce685
                                                      • Instruction Fuzzy Hash: 8401842020D3C69FD706AB699C15A593FB8AF47745B1846EBF485CF1E7DA24C806C722
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA592C0 Relevance: .0, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8ecc5d98ff82b716c2a8454d0d46e48dc6430a70e41f59cb421d354d7319e6bf
                                                      • Instruction ID: ae48701a7fac5d461a2c688752f4a04ad0145b2b4a8ca0015ca425cdc01c7007
                                                      • Opcode Fuzzy Hash: 8ecc5d98ff82b716c2a8454d0d46e48dc6430a70e41f59cb421d354d7319e6bf
                                                      • Instruction Fuzzy Hash: EA01AD35244240DFC7259A79D950BEB37EAAFC1625F1A1069ED48CF3E1EF389801C75A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 009DD745 Relevance: .0, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1547458902.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9dd000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c16b7686c14cf16f2521c5b08acc89360299c732a3592a1118ee456e04bf9330
                                                      • Instruction ID: dd07f795360558ef1bcd408feba27c615450340d03dfa047c3808066f8cb71ec
                                                      • Opcode Fuzzy Hash: c16b7686c14cf16f2521c5b08acc89360299c732a3592a1118ee456e04bf9330
                                                      • Instruction Fuzzy Hash: 3C01F7B1045340ABE7204E21CC84B66BBDCDF41764F14C59BED084A382C7399800CAB2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DDC977 Relevance: .0, Instructions: 45COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6bbe89b35d555a871548eab1f6b672b7728a7b3fb1441fa48b973dd7f1bf363a
                                                      • Instruction ID: c60153e50e9df0c8760b2757a030c5a450d1fb51f645755b319fbf906649e0eb
                                                      • Opcode Fuzzy Hash: 6bbe89b35d555a871548eab1f6b672b7728a7b3fb1441fa48b973dd7f1bf363a
                                                      • Instruction Fuzzy Hash: F8115E747002048FEB499B38C490BD9B6A7EFD4700F1484B9D90A9F3A9CE75DC418B25
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE9240 Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1347dc18870b09345f0c0b3e2a19ae9d4b3ece2794fadbfe8d05afc396b207af
                                                      • Instruction ID: 77e71dc28c866ae17458c50fedf2d963d0e901582bc0ddfa39ead631cb258bcb
                                                      • Opcode Fuzzy Hash: 1347dc18870b09345f0c0b3e2a19ae9d4b3ece2794fadbfe8d05afc396b207af
                                                      • Instruction Fuzzy Hash: 2B012B34F40204EFDF00BBE494153AD7BE2EBC5352F108669E506E7383D630C9419B92
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5AF90 Relevance: .0, Instructions: 43COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: db4e8a0519b6cbeb01bba981a667d2062766cd508d37f1d01b4f08fa065c5b3c
                                                      • Instruction ID: cc4c79056041f0dcccf4a0891619ecdc75ab5ff283dc77b6bb8a081180f46996
                                                      • Opcode Fuzzy Hash: db4e8a0519b6cbeb01bba981a667d2062766cd508d37f1d01b4f08fa065c5b3c
                                                      • Instruction Fuzzy Hash: 2F0162B171E3818FD7129BB4D8185A43FB4AF0356170A42EBE849CF5E3D6798848CB19
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5F370 Relevance: .0, Instructions: 42COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4e7b7a931d3fc6d4a4e7a5ce7b50ba463db1d449645d9d8ee6ad9676afbf545c
                                                      • Instruction ID: ea76e5623c1d2a78214c1862e6f19fa93f69ed2bbb03536fd2e3cae6e8f4a610
                                                      • Opcode Fuzzy Hash: 4e7b7a931d3fc6d4a4e7a5ce7b50ba463db1d449645d9d8ee6ad9676afbf545c
                                                      • Instruction Fuzzy Hash: 5601FD71200701EFEB298B24C5007AE7BE0AF44225F00846AD8498B6A0D774D881CB48
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB0F81 Relevance: .0, Instructions: 41COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: aff9559912d0e8f2a6c1eb66820fc4b4d6408cf43ad6e8f9b94430f3c60e04cc
                                                      • Instruction ID: b2af688f5fd9525e42ce63a934970e30d5a65c7e5ddb2fb8fb94f0c81f27d195
                                                      • Opcode Fuzzy Hash: aff9559912d0e8f2a6c1eb66820fc4b4d6408cf43ad6e8f9b94430f3c60e04cc
                                                      • Instruction Fuzzy Hash: 06F08B22718A52C6DB4C542C18504BFBABB9BC96D2705CB3BC247DB361CE50CC02029A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD3190 Relevance: .0, Instructions: 41COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: afcfc6aa94a2d22f0d5f1e9007e3f7b9f502f59dbb6d15ac11995f7efac32784
                                                      • Instruction ID: 51b8f20ee79c7aa0f2ab91f09e44edc23a0a4629e90921c0c697a5fedacf566d
                                                      • Opcode Fuzzy Hash: afcfc6aa94a2d22f0d5f1e9007e3f7b9f502f59dbb6d15ac11995f7efac32784
                                                      • Instruction Fuzzy Hash: 95018135A146089BCB04EB65DC448EEF7B9FFCA310F40825AE91567351EB706A41CBE1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA53171 Relevance: .0, Instructions: 40COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 00378759f7ab80da423f0871ba2deaed658ea9dcab1e5a170ee5ef6a611a4a7a
                                                      • Instruction ID: 49dbcb46f7ed0fd2ef7bc64d6d12ffed14918383ebf8a67c9435b2ea7bdc56e1
                                                      • Opcode Fuzzy Hash: 00378759f7ab80da423f0871ba2deaed658ea9dcab1e5a170ee5ef6a611a4a7a
                                                      • Instruction Fuzzy Hash: 6CF04921B0C3D04FCB0B0B3918384A52FA69AC655131E05EBE985CF293DA684C01C776
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB65E0 Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9f7ac1ee19bcf1132ae913f83dd5d82dafbe34043b9096c0f003c09f6b57c0ed
                                                      • Instruction ID: 92b881697efb697225a4afa99305813b09a2d936927f4d19c48d7d3ff93a6fee
                                                      • Opcode Fuzzy Hash: 9f7ac1ee19bcf1132ae913f83dd5d82dafbe34043b9096c0f003c09f6b57c0ed
                                                      • Instruction Fuzzy Hash: 74F0C231A047818BCB304F78A4466EA7BE5EB51292F0407AED0ABCB281DB24E8058791
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DBF620 Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: b1bada83cff7432f322b54341133130a52cea38e2251ff0d2a6bb2e5a441fb35
                                                      • Instruction ID: 65ea00f1a9658bdbc61c1429ef78f1cad97b98a01e771bd3e8a279722027601f
                                                      • Opcode Fuzzy Hash: b1bada83cff7432f322b54341133130a52cea38e2251ff0d2a6bb2e5a441fb35
                                                      • Instruction Fuzzy Hash: 740152B5D00619AF8F41EFA8D5449EEBBF5EF48210F10865AE859A7310E7709A508BA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5F380 Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0cd42ef5fcda60b9230347f12e97cd13b651189f3749d5893d2f50d0ac99e8d3
                                                      • Instruction ID: 07b9973b41d758b61fce46ff47621a36290e72951ee07b71135b07ab2f6c1f2d
                                                      • Opcode Fuzzy Hash: 0cd42ef5fcda60b9230347f12e97cd13b651189f3749d5893d2f50d0ac99e8d3
                                                      • Instruction Fuzzy Hash: 3FF0A4312047009FEB28DB25C5407EE77E4AF44634F00856DE959876D0DB71E881CB94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA51138 Relevance: .0, Instructions: 39COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 54e0139e22e5e4157552eb57531d35cff6f8aa12115ede127b512e94bd6f243f
                                                      • Instruction ID: 8630df45d819acd1b44de78085df9a03268d409840e191c0577004159a9e96f0
                                                      • Opcode Fuzzy Hash: 54e0139e22e5e4157552eb57531d35cff6f8aa12115ede127b512e94bd6f243f
                                                      • Instruction Fuzzy Hash: 45F0D632A062519FC3259B3895046FABEA1FF85611F0982BFE40C87292C6355845CB69
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE088F Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 398114982f32566812a913493a807aafb25e93b9f0ee351b8b4b50edf8721aae
                                                      • Instruction ID: df19c0c18a483011992c9b3e4e922c70179711d195d139e01f20be1207d659f4
                                                      • Opcode Fuzzy Hash: 398114982f32566812a913493a807aafb25e93b9f0ee351b8b4b50edf8721aae
                                                      • Instruction Fuzzy Hash: 3E014B306096808FC359DF2ED819915BFE5EF8A22031AD2EAE459CF3B3CA309C04CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE5639 Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ad8d82912f114f173530b543f5f96a247914677f26e901984aebbc08ed9a78e0
                                                      • Instruction ID: 058505d0f555e2bd155c264381f9eb8b42f61c4388815658630f6804d4f72cec
                                                      • Opcode Fuzzy Hash: ad8d82912f114f173530b543f5f96a247914677f26e901984aebbc08ed9a78e0
                                                      • Instruction Fuzzy Hash: 18F09752519B408FC7067A39281629CBFB09E8309DF1882AFD1CB8B261E8245A0743D6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09234110 Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1559496685.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9220000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: def1157447e4250aec9942553e27cfa9abcf53851aec7e81662b00353db7f701
                                                      • Instruction ID: fcb12d480217736af32ea1d51df230f674caf85fe29eeb1dccddbece16c0d675
                                                      • Opcode Fuzzy Hash: def1157447e4250aec9942553e27cfa9abcf53851aec7e81662b00353db7f701
                                                      • Instruction Fuzzy Hash: DBF0846273C891A7D74C697E350036BE9CB97E9248F49C0BBD28AD73A0C9A0CC1106D3
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DDB820 Relevance: .0, Instructions: 38COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9a55409cb511b6c5daec65179db3e9c6101ac59f0cc313691768b5fcc24009f9
                                                      • Instruction ID: fd2d6e023e0b7fccb3b7bec3d617d186afd31b7ae61de51cdd43f941669aa425
                                                      • Opcode Fuzzy Hash: 9a55409cb511b6c5daec65179db3e9c6101ac59f0cc313691768b5fcc24009f9
                                                      • Instruction Fuzzy Hash: E5F059227447808FC31C162874062D5B7E2DBCA376B04CAABE04FCB250C925CC8283A7
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB65F0 Relevance: .0, Instructions: 37COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6439b81bc37ed2da77ada54559b97bbcf154dd57be172bb5e793a0fc30e60d61
                                                      • Instruction ID: 95474a6e45919c5a4e6dbcf6c86d6656a73a654b35990538d81ce8a253a41b99
                                                      • Opcode Fuzzy Hash: 6439b81bc37ed2da77ada54559b97bbcf154dd57be172bb5e793a0fc30e60d61
                                                      • Instruction Fuzzy Hash: 8BF06D31600B05CBD7309F79E4467ABB6E5FB40292F040BADE06BC7640EB24E8048B90
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA530D8 Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f61205ed8d0a779508d8bbea5f014d881c3007107e71ab71a7a305843ea9fd0d
                                                      • Instruction ID: 8a1fb6ec98c8f62246738c860443d7400334216e8928dffa9442da9ab80e7d84
                                                      • Opcode Fuzzy Hash: f61205ed8d0a779508d8bbea5f014d881c3007107e71ab71a7a305843ea9fd0d
                                                      • Instruction Fuzzy Hash: EF01F631B00210CFCF55DF79D4A4898B7F2FF8825175644A9E8069B2A1CB31EC41CB64
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 009DD744 Relevance: .0, Instructions: 36COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1547458902.00000000009DD000.00000040.00000800.00020000.00000000.sdmp, Offset: 009DD000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9dd000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 88a0aa8f65764fe8fda7c14b8d2f9408e91f91a2bdf28a509bd2003a68573164
                                                      • Instruction ID: 717da701a463b5357f9415eec26daa34f6ed0133f15c891e9fde83e433824676
                                                      • Opcode Fuzzy Hash: 88a0aa8f65764fe8fda7c14b8d2f9408e91f91a2bdf28a509bd2003a68573164
                                                      • Instruction Fuzzy Hash: EEF06DB1409344AEE7208E16C888B66FBDCEB91734F18C49AED0C5A286C2799844CBB1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE52A0 Relevance: .0, Instructions: 35COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 27cec30759b84cd5ea11a2a3d7e37dbaf8c9befb748510de2c73d0b6d7953c33
                                                      • Instruction ID: 1209ac97244670d72e8f0cbd2586589c9d58bcc5685d84acda8189aa1f7aa106
                                                      • Opcode Fuzzy Hash: 27cec30759b84cd5ea11a2a3d7e37dbaf8c9befb748510de2c73d0b6d7953c33
                                                      • Instruction Fuzzy Hash: 6EF0822944E7C4CFCF63A37168206857FB16D632CA76A82CBE0D09E5B3C025050EC3A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB909A Relevance: .0, Instructions: 35COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: eeeb944a4fa7dade8eba2911b8bb33761d3a94ca7f6f093a69d89054b4b33003
                                                      • Instruction ID: 6cb3f34c3e984f1b90238714149cf0fcfbab7e562d3a2ae3402526bfe77074f3
                                                      • Opcode Fuzzy Hash: eeeb944a4fa7dade8eba2911b8bb33761d3a94ca7f6f093a69d89054b4b33003
                                                      • Instruction Fuzzy Hash: 8AE05536B040506B8B1662987C108FEAF7ACAC1B22714812BD10A83361DF6A0D0382A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DBB798 Relevance: .0, Instructions: 35COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9d57601629f6eed936c05993c8c831a994108ed65b3422beff132b9f8d352aae
                                                      • Instruction ID: bdd0cf8a91cff5715f6b7bb3b8d16fe30fb2f172448e60ede4b1f6db7f3dac06
                                                      • Opcode Fuzzy Hash: 9d57601629f6eed936c05993c8c831a994108ed65b3422beff132b9f8d352aae
                                                      • Instruction Fuzzy Hash: 00F0A430A00615CFCB04EB68D45989DBBB1FF85301F018299E5099B361DB719E40CBC2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA592E8 Relevance: .0, Instructions: 35COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 649160a1ff5b7eb3be6b7a3f939d6689411b1454f73a77028c30802fb1070d55
                                                      • Instruction ID: e94902fe7c14b4aa7a6602f1a765f9d4aa45ecb6a7c2121d34c0d13e3db925a9
                                                      • Opcode Fuzzy Hash: 649160a1ff5b7eb3be6b7a3f939d6689411b1454f73a77028c30802fb1070d55
                                                      • Instruction Fuzzy Hash: 33F03A30350204CFCA64AAB9D550BEB33DAABC4920F051469EA46CB3E0EF349C05DB9A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB0F90 Relevance: .0, Instructions: 34COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5bb2b576b0bba41411f968534d1829e20ecfb69ec561415dd1f7f633168db3c9
                                                      • Instruction ID: 6c4becdfa9722a387cfccb9dd2939cefa1b928a350253c0a93b7e7ed5ee5a8e0
                                                      • Opcode Fuzzy Hash: 5bb2b576b0bba41411f968534d1829e20ecfb69ec561415dd1f7f633168db3c9
                                                      • Instruction Fuzzy Hash: 59F02022B28912C3CA0C986D58505BFB6BB9BC86E2B058B3BC507DB250DE60CC02029A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEB450 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 64b7d8b09e07c3ffad1173e75585c3c17fc7eedc036ccf1c6381015793a950c2
                                                      • Instruction ID: 9946b65668e868613b0c635d107209654b0db63c88c49e011cc126fcf46d387e
                                                      • Opcode Fuzzy Hash: 64b7d8b09e07c3ffad1173e75585c3c17fc7eedc036ccf1c6381015793a950c2
                                                      • Instruction Fuzzy Hash: 87F0C83150A2A18FE3158A5490157A53FA1AF8231AF18C1FFD048DF697D67A4442CF51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5E488 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ce98b7b0f6e14fccca5b31cf526db06e63600c16a3516a982f44907ab8696ab1
                                                      • Instruction ID: 1ca861f4f2193456dd40dffd579bcaee450159b686fc18cd89fc6cc992abc4c7
                                                      • Opcode Fuzzy Hash: ce98b7b0f6e14fccca5b31cf526db06e63600c16a3516a982f44907ab8696ab1
                                                      • Instruction Fuzzy Hash: AFF05E36A10218EFAF21DF64CD005DD3F71EF09325B148562EDA8D6291E37A9A20DB5A
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD4051 Relevance: .0, Instructions: 32COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4f8b957d8a969356fb2ee1fead0d2a5addc6297488dc4aa5163a24967792f7f0
                                                      • Instruction ID: b848f222b7a6c5a75d912433d4389bbed5428a04a7eae4f7a319a46cc463908c
                                                      • Opcode Fuzzy Hash: 4f8b957d8a969356fb2ee1fead0d2a5addc6297488dc4aa5163a24967792f7f0
                                                      • Instruction Fuzzy Hash: E4F0E930205380CFD32257799440BDABBF5FFCA351F04056EC04987351C6B69841C7A0
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE9B88 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 62dbcef5a0beec6904d506d36b42144235abd5aa9938e03cb73a01af5459c095
                                                      • Instruction ID: 9be199d5f254de72b9e260f5a642c99f55e663dc451ea893f65fb237043cbb47
                                                      • Opcode Fuzzy Hash: 62dbcef5a0beec6904d506d36b42144235abd5aa9938e03cb73a01af5459c095
                                                      • Instruction Fuzzy Hash: F0E02B31345314AFEF141580A862BF23B2CD7C57A2F01016FF301CE1E2D6F148418762
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB5CE0 Relevance: .0, Instructions: 31COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 05fa0701da333c70351c6dbacd278ae2d7a857a09c5927861b86726a81b48d44
                                                      • Instruction ID: 666afc9a12698bf32dcaed26c919cdcc9880fcea0c5b771fb7f325ecbd8292f8
                                                      • Opcode Fuzzy Hash: 05fa0701da333c70351c6dbacd278ae2d7a857a09c5927861b86726a81b48d44
                                                      • Instruction Fuzzy Hash: 88F0D4716147458FEB28DF18E4829D977E5FB456997300A9EE42ACF302D762E8038B94
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE08A8 Relevance: .0, Instructions: 30COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c35629715428c8c48a5ee0bcb37da61f52f1456579ac3154688752843b9cd0b1
                                                      • Instruction ID: fc2b1b17f587d8bf065cc73ead00c3d6f89e1a7d6885e80b455e8c903def511b
                                                      • Opcode Fuzzy Hash: c35629715428c8c48a5ee0bcb37da61f52f1456579ac3154688752843b9cd0b1
                                                      • Instruction Fuzzy Hash: 16F0DA346406148FC398EF2ED449A55BBE6FF8932576AC2A9E419CB3B2DA74DC418B40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE7CEF Relevance: .0, Instructions: 30COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6fc6543e8fb36cfbaf2da62b09f33ea0384d8ff0dec93869e65b530ecbf8cdd0
                                                      • Instruction ID: cbd37f675c213f8cf7aaad74fde25c11d864e5a9d666fc377632c533daf9f2c5
                                                      • Opcode Fuzzy Hash: 6fc6543e8fb36cfbaf2da62b09f33ea0384d8ff0dec93869e65b530ecbf8cdd0
                                                      • Instruction Fuzzy Hash: A8F0ED32249280AFCB064B509C41FC83F259F1FB21F1A8086F241CE1B3C7328413A760
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5FEF9 Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 87948f699d849d26c5caa91c7ab8f6989afcfd0114cf7e3212820dbdef8970f3
                                                      • Instruction ID: 5a8a44adc8a9eb80ba4eedf63b845be8e802b460bb31ff8fc02aeb0dfb26a5d0
                                                      • Opcode Fuzzy Hash: 87948f699d849d26c5caa91c7ab8f6989afcfd0114cf7e3212820dbdef8970f3
                                                      • Instruction Fuzzy Hash: D3E06D327451515FC3155679A89899A6BAA9BCA12031A40EBF508CBB73CD644C458391
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5F3E8 Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0a62fc1f269a0b6901270713d9e1631cec74a34e1479c9e7d2a926c3f5b996ed
                                                      • Instruction ID: 277339bf0617226950e24ab94b051ce4421b5700737c1a045cc6508cc38ce2f2
                                                      • Opcode Fuzzy Hash: 0a62fc1f269a0b6901270713d9e1631cec74a34e1479c9e7d2a926c3f5b996ed
                                                      • Instruction Fuzzy Hash: D4E0DF327101019FD3455B2DEC908AD7BEAEBCA225346C0BAE10CCB762DA754C064399
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DDB89C Relevance: .0, Instructions: 29COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dfa5979a3840d6d57501abb7491b2c7e63430abb26909d051a83a004d2b9886b
                                                      • Instruction ID: 784e744c872586670a75befdfde4a31af5d67191a54c01b1e849a69782637c51
                                                      • Opcode Fuzzy Hash: dfa5979a3840d6d57501abb7491b2c7e63430abb26909d051a83a004d2b9886b
                                                      • Instruction Fuzzy Hash: 24E02B83B583848F9215156828420A436D1E7C93FB34587DBE087CF251C509C5438323
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA531A0 Relevance: .0, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ca2b2ca0adf1c39da2558a2743f1ad798fe0ce59330e9819b61293c8dea70e2b
                                                      • Instruction ID: a50816c3cd97858211c1d1df6c906bbd3e0455985833af8ba6e6b3dc3dcada5f
                                                      • Opcode Fuzzy Hash: ca2b2ca0adf1c39da2558a2743f1ad798fe0ce59330e9819b61293c8dea70e2b
                                                      • Instruction Fuzzy Hash: CDE08635B046285B9E1926BD1C395BA619B9AC59D1305443AFD0ACF3C0EE34CC4247BD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD103C Relevance: .0, Instructions: 28COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c1a567639f90261916a7a045a7dd602b5e97aee277764d22c9a255231c22bdb3
                                                      • Instruction ID: 0cf558eff64b89c634cddeae76d52eab257e0af354ea2bbf208160d9a88a6447
                                                      • Opcode Fuzzy Hash: c1a567639f90261916a7a045a7dd602b5e97aee277764d22c9a255231c22bdb3
                                                      • Instruction Fuzzy Hash: 5BE06D34281714DBE221A669E440FEBB2DAFBC97A2F04493DD05A47340CAB6E84187A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB3BF4 Relevance: .0, Instructions: 27COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 610f22f4e127c920fa8e605ee6c36e55e900d85523b6dd6cc8fbf228c68abd18
                                                      • Instruction ID: 542117dfec74f46e5f755904fb5698621d232217afe37683623d4ef619e16c11
                                                      • Opcode Fuzzy Hash: 610f22f4e127c920fa8e605ee6c36e55e900d85523b6dd6cc8fbf228c68abd18
                                                      • Instruction Fuzzy Hash: 4701193682120AEFCB01DFA4E888ADCBBB1FF49300F058166E5467B260EB709984DF41
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5D8A0 Relevance: .0, Instructions: 27COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5bfacb667932cb133705d6f39506aa7cfb38a5bf95e483d95b17b5ddc84f6b85
                                                      • Instruction ID: b4de581800e02373fd27b2b3e87316880f2abdeb39da7793ae7acbd6839b98f7
                                                      • Opcode Fuzzy Hash: 5bfacb667932cb133705d6f39506aa7cfb38a5bf95e483d95b17b5ddc84f6b85
                                                      • Instruction Fuzzy Hash: 8AE02631341001AF82086A2EE8848FE73C9EBCE630310807AF10CC3352CD708C014395
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA53ED4 Relevance: .0, Instructions: 27COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8ba144f033c0d0a2f1730f8d27e92a765a5e8987b3d44a88e15f26980b0b360d
                                                      • Instruction ID: 7c1ea978beee3b3397886f4727fd4b78338abde9eca987ad9694919664c8c775
                                                      • Opcode Fuzzy Hash: 8ba144f033c0d0a2f1730f8d27e92a765a5e8987b3d44a88e15f26980b0b360d
                                                      • Instruction Fuzzy Hash: B3E08631344111AF8114667EEC849ABB7DEEBCA631714447AF50DC7762DDB19C048399
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DDB830 Relevance: .0, Instructions: 27COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7aafd1a86f193528685ef52cf1f6b3f82ae69080f03ea979041e80452ab45407
                                                      • Instruction ID: 074ad4cdb3c226a09df9eab2cbbf2938830691cfa351c0bfea3f4afac685b174
                                                      • Opcode Fuzzy Hash: 7aafd1a86f193528685ef52cf1f6b3f82ae69080f03ea979041e80452ab45407
                                                      • Instruction Fuzzy Hash: DBE02262B50B448BC21C652C640128AB1C7DBC837AF04CA6BE04FCB240CD25D84282AA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE9B98 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 7d9a8777bd39529029d1902c1d2f956e2755d49ed3ad5891e0d51e795577508e
                                                      • Instruction ID: 44ef90fac9bac07926eb68548fbb043d725491336a5d24cd325b44a90c121878
                                                      • Opcode Fuzzy Hash: 7d9a8777bd39529029d1902c1d2f956e2755d49ed3ad5891e0d51e795577508e
                                                      • Instruction Fuzzy Hash: D2E0DF7034132CBBFA1421949822B76355E97C5B96F10022AF706AA2C1DAE288404BA6
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA55D50 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5f1e110f80aa14d6aef04dc9d295cc52237ab12cc76dfd4cada20f7420ff0c82
                                                      • Instruction ID: 4332e584777ea9119e3229dad940d4db7551df8cf5b9d42eb87e7c13c8e92949
                                                      • Opcode Fuzzy Hash: 5f1e110f80aa14d6aef04dc9d295cc52237ab12cc76dfd4cada20f7420ff0c82
                                                      • Instruction Fuzzy Hash: 7DE0D837B0161667CB299739D41059673A9AEC4A60309413BCC084B740DB31EC018FD4
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0923D860 Relevance: .0, Instructions: 26COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1559496685.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9220000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 32c005ac1b34dcc1d681b02f8e18e8b986b6277c951ac679face015e40338f77
                                                      • Instruction ID: 94e92d9b537e61b3eb109a97174640f5d1a805a5195af9a1898e6084b62a5f31
                                                      • Opcode Fuzzy Hash: 32c005ac1b34dcc1d681b02f8e18e8b986b6277c951ac679face015e40338f77
                                                      • Instruction Fuzzy Hash: 0EE0207077022867EA2422994C06772754DCBC5751FD04124FA05BE2C0DDB1EC0207D1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE27D9 Relevance: .0, Instructions: 25COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d3e15c97d6bea27fb5553c51741c2eb801354396871b60d1f2298e16a0dc3b4f
                                                      • Instruction ID: 51273010aad2518ef719d18faeacfc9237acb13e20bb1520fc2babb6c56b69af
                                                      • Opcode Fuzzy Hash: d3e15c97d6bea27fb5553c51741c2eb801354396871b60d1f2298e16a0dc3b4f
                                                      • Instruction Fuzzy Hash: 67E09B347053514FCB397735A45006D7B64AE473A330407EEE0468BBE1CA72D441C721
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB5CD1 Relevance: .0, Instructions: 25COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 27e9fee6844ceee8a293a964f7e2349c0215ab6a2c110a517ca885846f58816b
                                                      • Instruction ID: f938f5e5a71d81529e8e5479e83318dcee4f3b6b277c745d85e776a9fc75d108
                                                      • Opcode Fuzzy Hash: 27e9fee6844ceee8a293a964f7e2349c0215ab6a2c110a517ca885846f58816b
                                                      • Instruction Fuzzy Hash: 38E0DF316242448FCF25CF18E482AE97BE1EB806497200A6AE01ACF212D766E8038B80
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE27E8 Relevance: .0, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 53366e912fa829b020f86283471255c9aea74ece7d7f351c29d9d66c16742540
                                                      • Instruction ID: e4bc2d9b024ccfbf8c374919441b5d59cb7531037010a5c5397c52c45eb83664
                                                      • Opcode Fuzzy Hash: 53366e912fa829b020f86283471255c9aea74ece7d7f351c29d9d66c16742540
                                                      • Instruction Fuzzy Hash: A2E0EC353013248BCB387AB5B55046E73ADEE817A73440ABEF44A86F80DA77E880C761
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB378A Relevance: .0, Instructions: 24COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c35e2003034f59bc761ceaf6a3f9f0c3aae4a34ba01b0c22d01dd1bc1dc8ffb0
                                                      • Instruction ID: a85008cc1ce8646d714335a95a9de47389e9a538c322158e3a19d3e482097c55
                                                      • Opcode Fuzzy Hash: c35e2003034f59bc761ceaf6a3f9f0c3aae4a34ba01b0c22d01dd1bc1dc8ffb0
                                                      • Instruction Fuzzy Hash: B1E0207534D3108FD70917189820BDA36C98FC6752F04816AE14A8B3C2CAE548000396
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB8670 Relevance: .0, Instructions: 23COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f1569af642f0c66a3d31f2821c4e05c43cceeed451b818e42aa5d6a1dc12eec4
                                                      • Instruction ID: 717b0796c7d75d4b162bd9b055aaa7c4f4764d689287bf6801ce0609cdf77c6c
                                                      • Opcode Fuzzy Hash: f1569af642f0c66a3d31f2821c4e05c43cceeed451b818e42aa5d6a1dc12eec4
                                                      • Instruction Fuzzy Hash: 8FF06D31248A908FC325DB38C488FE67BF0AF1A305F0500EAE15AC73B2CA71AC00CB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5C369 Relevance: .0, Instructions: 23COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: cad4ba99dcabacee8cb520fe5b4ac193eeb5f88eee6d620c954a458ab36a1f26
                                                      • Instruction ID: dd71dfe2c961d697dc4bd610528261e4347bfd947b9589fa5e39d059ff3f199b
                                                      • Opcode Fuzzy Hash: cad4ba99dcabacee8cb520fe5b4ac193eeb5f88eee6d620c954a458ab36a1f26
                                                      • Instruction Fuzzy Hash: 46E01AB6A112009FC344CB28D404999FBE5FFD972171AC5BBE14CCB361DAB49C40CB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB3790 Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5efd47c00f2bcc095b4d6ed41837a63bae6b104156af0cf4e76a660dfba648f1
                                                      • Instruction ID: 13fa2d820e9af8995edcb0800231fb6b159a20b2c199186390fd914fda8824b7
                                                      • Opcode Fuzzy Hash: 5efd47c00f2bcc095b4d6ed41837a63bae6b104156af0cf4e76a660dfba648f1
                                                      • Instruction Fuzzy Hash: FFE0C2343842149FC7086A18A4107DA72CA9FC9792F00842AF10ACB381CAA59C0002A9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB6748 Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fb5178498690e090e051bea5ef623596f44ccc4223995eacf68641a7dd0a9e69
                                                      • Instruction ID: e21c1763f8db2e22083c59313418dd97569c40be50351c4b68965e03f2ab7203
                                                      • Opcode Fuzzy Hash: fb5178498690e090e051bea5ef623596f44ccc4223995eacf68641a7dd0a9e69
                                                      • Instruction Fuzzy Hash: EBE07DA830420447E3011F7074553A537E6EB4020730AC861D00E86262EF1CCD435302
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5F8FF Relevance: .0, Instructions: 22COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: aa53c778999f75aa36f21acb103f5ec92afb72b977572b348e86772571b1c0a7
                                                      • Instruction ID: d8c8420fc8d453f06f06c7d553bf0b8ffe8c5875169324cde1188952b4c38b25
                                                      • Opcode Fuzzy Hash: aa53c778999f75aa36f21acb103f5ec92afb72b977572b348e86772571b1c0a7
                                                      • Instruction Fuzzy Hash: 92E0B6D5A4EBC49EDB5316B0AD210643F38990311874F80D7D984CE5ABE26A98078756
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE5681 Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: fcd1c11aa815678939f0b6b762795860893503b3442275e85bc9575b50a78450
                                                      • Instruction ID: d23b3614a1cfe443210b5542a08d02389e8b4e00da86afa5ff4de3b27913ffd4
                                                      • Opcode Fuzzy Hash: fcd1c11aa815678939f0b6b762795860893503b3442275e85bc9575b50a78450
                                                      • Instruction Fuzzy Hash: F1D02B11609B5007C70576392800088BB968BC3494B0CC1AFC10FCB291C814490703CA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE2FC0 Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 9f85bd96330204bf966fe36efa9492af0dee4a554d0b571ed55a536687144eab
                                                      • Instruction ID: e6f76fc10d161bb9bc84182de2ec551de3b0a5efdf047c974e84550f37010029
                                                      • Opcode Fuzzy Hash: 9f85bd96330204bf966fe36efa9492af0dee4a554d0b571ed55a536687144eab
                                                      • Instruction Fuzzy Hash: A8E0E67031430587DF15EB6EDC40B5633D9BB84656B104669F405CF655EF31D8428651
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB9068 Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: a0b00024ac9a72d08c9cb8c089469552d8cdc13286c15f69423b9b26da2fd46b
                                                      • Instruction ID: b405c35fef31502f230fca2c39c9c9038740b3e768e2f3ae6f29720bccd623a7
                                                      • Opcode Fuzzy Hash: a0b00024ac9a72d08c9cb8c089469552d8cdc13286c15f69423b9b26da2fd46b
                                                      • Instruction Fuzzy Hash: 94D0A75170656007B7C5601C3D515AB6FC6C6C56D03854063D686DF356CA548C8303E7
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB3420 Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 4d55cf015896b86b3d5df99a53c23dd2c0fdfb99d5b68e2f9e2bb07f838d68a3
                                                      • Instruction ID: 59ba2628c03568c8c46fd0e615d95161e15298edbed51f60464b817cae0f650c
                                                      • Opcode Fuzzy Hash: 4d55cf015896b86b3d5df99a53c23dd2c0fdfb99d5b68e2f9e2bb07f838d68a3
                                                      • Instruction Fuzzy Hash: 97D0C291509A5043D706A229A8012DABBD68FC5614F04C86ED28E96211CE684A0207AA
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB8630 Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dcee33540aecb0772833612e170245078cc56c68c2fd714aefadb2aae7e12c6f
                                                      • Instruction ID: d958a73e01cd7fb6f43f6d86358e826c3dce412c414d2c3a1e29bd1396c641d6
                                                      • Opcode Fuzzy Hash: dcee33540aecb0772833612e170245078cc56c68c2fd714aefadb2aae7e12c6f
                                                      • Instruction Fuzzy Hash: B5D0178A51E7D09FDB83533498207403FA0AA93192B9E12CAC4D0CB2F7E30E490A8722
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD10EC Relevance: .0, Instructions: 21COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ad1557781c0873bdc3a011092b92f93229bc2d0448332bb5ac032b3117f8a45f
                                                      • Instruction ID: 436c233d9f97ddd9682adf64ea1f2ab1b24e278808486d329dc988fe72538e90
                                                      • Opcode Fuzzy Hash: ad1557781c0873bdc3a011092b92f93229bc2d0448332bb5ac032b3117f8a45f
                                                      • Instruction Fuzzy Hash: 28D02B3034A3205BC604616D3854BE7BBCBDB852A5F044A2EE14EC3302CD96680442AF
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE52AF Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 004a6817c9c1f7f0000e434679947b135e23b8830ade279d5b677ecce12bc9e3
                                                      • Instruction ID: e591a0c654e256125e384e0d56335ac836606e48fa2b283a772d734914cdab93
                                                      • Opcode Fuzzy Hash: 004a6817c9c1f7f0000e434679947b135e23b8830ade279d5b677ecce12bc9e3
                                                      • Instruction Fuzzy Hash: 38D05E5548E3C08FCB13A331A8602566FB1A9672C737A92CBE0D08E1E38029090BC3A2
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5C378 Relevance: .0, Instructions: 20COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 02a47d69b560fe2201c300b3ef752af28ab622fc924c4908fab300b49c793c99
                                                      • Instruction ID: 3f19231e75b02ede7f4ad5584d66b0e77dff12e1a2b18b97b20b45f2e309bf0d
                                                      • Opcode Fuzzy Hash: 02a47d69b560fe2201c300b3ef752af28ab622fc924c4908fab300b49c793c99
                                                      • Instruction Fuzzy Hash: CCE0B6756002149F8304DB5DD444995FBE9EFC9621715C1BAE60CCB361DAB19C408795
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB8958 Relevance: .0, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 15f4132df442a10bbc21f6cce2d9212ffb5f897aeda78b1c877239aa241f994c
                                                      • Instruction ID: cb3245439339a8ee2fb40576564c5cacb564d215e42856c6dbe2d97398001379
                                                      • Opcode Fuzzy Hash: 15f4132df442a10bbc21f6cce2d9212ffb5f897aeda78b1c877239aa241f994c
                                                      • Instruction Fuzzy Hash: 43D05B316052149FD7855F68F9459993BE8FB4BA1170111FBE106D7371CE799C008B95
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB5B9A Relevance: .0, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 162171604b4555d068c2f59a460ad3637349dda4ec6f56555ca34e0f18f1a22d
                                                      • Instruction ID: 8f1906612f5192b15421eafab3ae7d2fe8526e1f29629390b0d8311f2ed3ed6b
                                                      • Opcode Fuzzy Hash: 162171604b4555d068c2f59a460ad3637349dda4ec6f56555ca34e0f18f1a22d
                                                      • Instruction Fuzzy Hash: 61E072B8B483004FE70E1748A02078977D2AFC8341F0080ABE80E8F392C6B488000396
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD09A1 Relevance: .0, Instructions: 19COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 158b153442d259daa592c6cc492146b6ef503957da828a582c2b20285719957f
                                                      • Instruction ID: 1e8e718f157e0cb002ce5b7a7c8729e8eaa8649abe7c1447b0d0ec5ddd55ed1f
                                                      • Opcode Fuzzy Hash: 158b153442d259daa592c6cc492146b6ef503957da828a582c2b20285719957f
                                                      • Instruction Fuzzy Hash: 9DE0B63AA0110DEBDF01DF80E951BDEBB72FF88355F208115EA1527290C7369A21DBA1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB8680 Relevance: .0, Instructions: 18COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 97cde4871a1bf205a7b18a13b7ebb65fb3c6343973a43af311da26fbb7a935da
                                                      • Instruction ID: e2bc8dea28ebab86229e8a2bb8e55be904ced556890666ee6771dda6ab41329b
                                                      • Opcode Fuzzy Hash: 97cde4871a1bf205a7b18a13b7ebb65fb3c6343973a43af311da26fbb7a935da
                                                      • Instruction Fuzzy Hash: FDE0B634244A518FD324DB68D448FE6BBE8AF0A655F0504EAE65A8B371CA61AC40DB91
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA52E0B Relevance: .0, Instructions: 18COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f07bff8fbd0e5b8c9d0e5d0aa2a3c45097fd7f897cfc18b4f00313205216f1d8
                                                      • Instruction ID: 19a4923660700c2fa5f840eed6cc685bfa962ca63001953f59dc9e40e863aef7
                                                      • Opcode Fuzzy Hash: f07bff8fbd0e5b8c9d0e5d0aa2a3c45097fd7f897cfc18b4f00313205216f1d8
                                                      • Instruction Fuzzy Hash: 89D023313097B01F83021B7C74100993FB6CBC715131542E7F001D7382CD154C024395
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5AFC0 Relevance: .0, Instructions: 18COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: c5759533cdb041a4e3ce50df27a856526489af348984719ce5f96a58b95a62d4
                                                      • Instruction ID: da09ce7a6fd27309f0acbe689ef3a3cfcfdff31c770960f7723d715f1e1c7044
                                                      • Opcode Fuzzy Hash: c5759533cdb041a4e3ce50df27a856526489af348984719ce5f96a58b95a62d4
                                                      • Instruction Fuzzy Hash: 28D05B713013108BC7289F7DD004E55779C9F05A5570141AEE909CB7A1C671DC40CB88
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DECC58 Relevance: .0, Instructions: 17COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d8e68006449c18277894225c412655005e10491d4209c16fee747667363ba187
                                                      • Instruction ID: 0fce314854672a9fa093ed6cf210131da25aa0d24c201f8280dc339ef239db1d
                                                      • Opcode Fuzzy Hash: d8e68006449c18277894225c412655005e10491d4209c16fee747667363ba187
                                                      • Instruction Fuzzy Hash: 7ED0A73056D208DBD704FB70E649BE973ACD707752F00139CE80A13252C7718940E565
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE10D0 Relevance: .0, Instructions: 16COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1e67f62281aeba6cd624f35a6017c35cbbdbb6e874970e5f82bf91059bb2404f
                                                      • Instruction ID: 2e20871b8dd2ad1498e716fa7354fe29532ec5d533de6db279525ccac0fc615c
                                                      • Opcode Fuzzy Hash: 1e67f62281aeba6cd624f35a6017c35cbbdbb6e874970e5f82bf91059bb2404f
                                                      • Instruction Fuzzy Hash: A1D012293866A10FC709672C38551D927918AD599630951D5D107DB3E6DD088C4353E5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB5EA7 Relevance: .0, Instructions: 16COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 68ae99e68ec6d73d75252c0bcf0458f7a19c23f5ea03cdb743cb50ea40e291b1
                                                      • Instruction ID: 3f242ceaf53db642bd697bf063f446c2f2e2b672cc2d1850caa0dee7cae9f856
                                                      • Opcode Fuzzy Hash: 68ae99e68ec6d73d75252c0bcf0458f7a19c23f5ea03cdb743cb50ea40e291b1
                                                      • Instruction Fuzzy Hash: 68D0A705A0C6D14FDB07527874103C41B914F43661F05178BC049873D3D50C4C0753A1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB6758 Relevance: .0, Instructions: 16COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8630f505fb61b60f9ffc52478dccbc72eca13e2f381532b4be7b2d8b19a76a75
                                                      • Instruction ID: 91c15b9ed3d007d039451d06d225068a5291108c6c7d537251210c78cf6d6612
                                                      • Opcode Fuzzy Hash: 8630f505fb61b60f9ffc52478dccbc72eca13e2f381532b4be7b2d8b19a76a75
                                                      • Instruction Fuzzy Hash: 3FD0A76430420C97D3046FB274593BA33DEEB80642746C024A109C6291FE28ED419752
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE3A40 Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: e6efb529a680b60c806f1028f0c2848da1364a7c98d637efaf5b420b0aa6f511
                                                      • Instruction ID: ce8ae9bbd9679cb37083895de440fa67117cd8b3abe88b8ef6b4e3de625b2bcc
                                                      • Opcode Fuzzy Hash: e6efb529a680b60c806f1028f0c2848da1364a7c98d637efaf5b420b0aa6f511
                                                      • Instruction Fuzzy Hash: 92C0122100EBC98FC7431BA4681A0A0BF788E4311570840C7D48ACB0B7CA1888868362
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE7D10 Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2ca2967a07ce1e245af5236a7317ada675a9a77a6baf2e8c42001aaaf29d0106
                                                      • Instruction ID: af0e6931763d41b04ada2d03e7e4344f0ee5235c20f5192ea5daa389592d2477
                                                      • Opcode Fuzzy Hash: 2ca2967a07ce1e245af5236a7317ada675a9a77a6baf2e8c42001aaaf29d0106
                                                      • Instruction Fuzzy Hash: CED09236280208BFDB018E85DD06F8A3F65EF08B10F104040FB045E1B1C3B2E820AB55
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE7D0F Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2f92224c4a547017ae8162344ec4580e8a8e38b7ac06c9eeda12806842216639
                                                      • Instruction ID: 60c0595c0dafa197ba3154b27e5e0aa7c394304c4dede959ffdf4f8b7a7a648f
                                                      • Opcode Fuzzy Hash: 2f92224c4a547017ae8162344ec4580e8a8e38b7ac06c9eeda12806842216639
                                                      • Instruction Fuzzy Hash: 37D09236280208BFDB018F80ED46F8A3F21EF08B10F104040FB145E1B1C3B2D920AB51
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB14F5 Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2adfeb5910493f189171812cb575b1fcfd556fb2807e948250ec80cf3e803fa1
                                                      • Instruction ID: 23fb06be0af9543d40908736f74119aef7bd0594a48cdd5f0aa7ab7563483b54
                                                      • Opcode Fuzzy Hash: 2adfeb5910493f189171812cb575b1fcfd556fb2807e948250ec80cf3e803fa1
                                                      • Instruction Fuzzy Hash: 28E0123A820118CFCB068F10CD85EC8BBB1BB18310F0584D5E60A9A071DB318E94DF00
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB3430 Relevance: .0, Instructions: 14COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: ce86c74eed98242fb9573652087f59b23a258304761ac508fe6e7ccf25354547
                                                      • Instruction ID: 1e0d86748cc6dee5ae6ce2a1e30bf96144ec3b479016cfe7f3ac32f152b904d4
                                                      • Opcode Fuzzy Hash: ce86c74eed98242fb9573652087f59b23a258304761ac508fe6e7ccf25354547
                                                      • Instruction Fuzzy Hash: 09D01221604E6443D619B26EA4013DEF6CA8F85564F04C57FD24F93340DDA569411ADD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE4570 Relevance: .0, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 5cc73062e272cdf6c7e49a6c3eebb816491f561fd95b277789b879db02e375ba
                                                      • Instruction ID: bc6144aff9b94ee3ef211a4d8fcd80cae1f01b1288d19c1910e1361066231144
                                                      • Opcode Fuzzy Hash: 5cc73062e272cdf6c7e49a6c3eebb816491f561fd95b277789b879db02e375ba
                                                      • Instruction Fuzzy Hash: D6C08C22700A28138A0CF66E64000AEF2CF8FC4860B44813FD20F93300DD61280202DD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE456F Relevance: .0, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: be5b72ce6a0ac494ea2842ee03075556bacf7be3ec49b1491b8c006e1a164e59
                                                      • Instruction ID: 91ef30c230b846b79ad04d155819f7bb286d022caa56ac861ff65dd2eba07835
                                                      • Opcode Fuzzy Hash: be5b72ce6a0ac494ea2842ee03075556bacf7be3ec49b1491b8c006e1a164e59
                                                      • Instruction Fuzzy Hash: 6AC08C22701924138A0CFA6E70000EEF78B8FC4860B04813FD20F97300DD61090302C9
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE5690 Relevance: .0, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 943f73fe7ad454d226a37f3b0e34fc9a67b84a33bc2a6f7ec23f377fe1846631
                                                      • Instruction ID: d44abf299be6fe826cc76d02102eabf34ab3a1657ed1ffea31534a8aef00e952
                                                      • Opcode Fuzzy Hash: 943f73fe7ad454d226a37f3b0e34fc9a67b84a33bc2a6f7ec23f377fe1846631
                                                      • Instruction Fuzzy Hash: 7FC08C22B04E2403860CF66E640059EF2CF4FC4820B08C03EC10F97240DD51280202CD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB8968 Relevance: .0, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6086bf47d3e236243b37c3e09472267a947f10f4a3b765789bf496733cc78bcb
                                                      • Instruction ID: faa4445b1ad9ff859d645b96a4fe6243250c3dfba10d665b2105aa5d88cacd85
                                                      • Opcode Fuzzy Hash: 6086bf47d3e236243b37c3e09472267a947f10f4a3b765789bf496733cc78bcb
                                                      • Instruction Fuzzy Hash: 20C012313000248BCA08AA5CF5088ED37DCDB4AA61B0105AAE20ADB361CAA1EC0047E5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA50B10 Relevance: .0, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bc73dccc23e648a8321fbeaa087eca42f00e706f09f86f4bf581413efdc41e77
                                                      • Instruction ID: 9cb2a466e110200e3e2ecd716aa4d85a292e3b507b73ef3763e3dcf284150a91
                                                      • Opcode Fuzzy Hash: bc73dccc23e648a8321fbeaa087eca42f00e706f09f86f4bf581413efdc41e77
                                                      • Instruction Fuzzy Hash: 74D0A7F181D7808AD317363498058443F30BE1711472506EBC4D419172E6395257C752
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09231168 Relevance: .0, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1559496685.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9220000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 2fb43ea3376f80bf03ad16c096496405d17baec13d76c08ccf23d171386b3847
                                                      • Instruction ID: a2384df21e02738b6d6de5a7ac8d6afffaf31aa184b0abf08661b19442b07af7
                                                      • Opcode Fuzzy Hash: 2fb43ea3376f80bf03ad16c096496405d17baec13d76c08ccf23d171386b3847
                                                      • Instruction Fuzzy Hash: 29C08C72748A6403860CF66E640059EF2CF4FC4420B04C03FC20F93210DD61280202DD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 092363F0 Relevance: .0, Instructions: 13COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1559496685.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9220000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: bed2edd52fef35e7590baf8a1824bfe9a64a9ec7dcc6cbb802560fe2ee8d2487
                                                      • Instruction ID: 7cb323e38b12dbb82055c82a1ccc6bdce04a4d6c2a8a739af92acf8f6c7fc1e3
                                                      • Opcode Fuzzy Hash: bed2edd52fef35e7590baf8a1824bfe9a64a9ec7dcc6cbb802560fe2ee8d2487
                                                      • Instruction Fuzzy Hash: 43C08C22745B2403860CF66E640019EF2CF4FC4420B08C03FC20F93200ED61280202DD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DECBB6 Relevance: .0, Instructions: 10COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: f147b988f30bf52586bfd91676776a298cfe5e555eb6f657d1010401906be16e
                                                      • Instruction ID: 0b72bb6f47ead7186bf49bbb6231bd2fa39e0ebe1a8aeedec8158e5173071b7f
                                                      • Opcode Fuzzy Hash: f147b988f30bf52586bfd91676776a298cfe5e555eb6f657d1010401906be16e
                                                      • Instruction Fuzzy Hash: 3CD06C38A10128CFDB60CB24C880B99B7B1AB49218F1081D9980DA3342C732AE82CF50
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEC6F0 Relevance: .0, Instructions: 9COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 26e0e5d39ac4dcd02eed9f2b7d92512872722b5b4a624003e9ef74c96bbb71c7
                                                      • Instruction ID: f84f65cc6145cdbe449e69acd43265097e5f29d7c6a51393654e7e8b942026a1
                                                      • Opcode Fuzzy Hash: 26e0e5d39ac4dcd02eed9f2b7d92512872722b5b4a624003e9ef74c96bbb71c7
                                                      • Instruction Fuzzy Hash: A1D0E974D14209CBCB40DF94D5955EDB7B5BB49341F105115D45562341C774A9428F40
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5072F Relevance: .0, Instructions: 9COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 628ec6b88075fae6ecbc06911dee8ddfa0f621dedbfc45be29a456133247bad9
                                                      • Instruction ID: 30369f8658d4184f757d521e1902fe3001ff85dcbf51147eb63113918738b79f
                                                      • Opcode Fuzzy Hash: 628ec6b88075fae6ecbc06911dee8ddfa0f621dedbfc45be29a456133247bad9
                                                      • Instruction Fuzzy Hash: 68B0127D3040300F49482368B0242DC5341C7C4D513010259FA16E73D0EE190C830BCD
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE127C Relevance: .0, Instructions: 8COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 47a6c39a978460279e387244ac5e31cdad03c283b561039e8ca323f1a64546af
                                                      • Instruction ID: a042106ec899a028cb14fd76eb5666af07dd418c551ddaf178fa0191dd773466
                                                      • Opcode Fuzzy Hash: 47a6c39a978460279e387244ac5e31cdad03c283b561039e8ca323f1a64546af
                                                      • Instruction Fuzzy Hash: 5FB0923A299201A6D94072610C51BAE7140EBD4BD3F408A06B248815404AB58820926B
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DEE4F4 Relevance: .0, Instructions: 8COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 768b2415c8c1becbc3d608732257e811113dcdec880a542417478f7861b5a29c
                                                      • Instruction ID: 63308786c5780cd0ce6322c0b463c946846bfe84ba03b9650bfaa2b5a7478aa0
                                                      • Opcode Fuzzy Hash: 768b2415c8c1becbc3d608732257e811113dcdec880a542417478f7861b5a29c
                                                      • Instruction Fuzzy Hash: 5AB0127E6F5712F75141B3E85C50B6E6041FFF1B81B408D01724444040CE70D82B953F
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 09232E40 Relevance: .0, Instructions: 8COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1559496685.0000000009220000.00000040.00000800.00020000.00000000.sdmp, Offset: 09220000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_9220000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 6f3d1864030d853c5576a69e66e5800e943f0bc21edb517417ddd659ad58ff22
                                                      • Instruction ID: 9619bda784ce7f51b4473c303ea0a6fa792c1a1cce511ddd3a85b7373b477112
                                                      • Opcode Fuzzy Hash: 6f3d1864030d853c5576a69e66e5800e943f0bc21edb517417ddd659ad58ff22
                                                      • Instruction Fuzzy Hash: 4FB092721A45098FC350AF68E848E6073A9EF48625B1180F0E1088BA33D632F8008A44
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DD0998 Relevance: .0, Instructions: 8COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558740326.0000000008DD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DD0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8dd0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 8fc304a26ba6a9b8e09db51e88682a954301326f375d2764bec1dfa900b44145
                                                      • Instruction ID: 36b8fbea59fec141c224f74d28ce599a4b181edcfe4d96a47ba2de3878241151
                                                      • Opcode Fuzzy Hash: 8fc304a26ba6a9b8e09db51e88682a954301326f375d2764bec1dfa900b44145
                                                      • Instruction Fuzzy Hash: 58B09237A0410889EB008A84B4513EEF720E780266F104123C25152141837201A496D1
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA51120 Relevance: .0, Instructions: 7COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 0c7f5ecb0830dde793ab54c3d1fd254b529df5af7f28a7265ee60f1b57afa1b4
                                                      • Instruction ID: 89ade57f32725c95df48b6eb16113ce303f3ef67843d0b42e7ec40cf1d0d9f48
                                                      • Opcode Fuzzy Hash: 0c7f5ecb0830dde793ab54c3d1fd254b529df5af7f28a7265ee60f1b57afa1b4
                                                      • Instruction Fuzzy Hash: 56B092B4000303CEEB215F209040380B7A0AF02306FA008A8C44019222E3398016EB26
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DE3A50 Relevance: .0, Instructions: 5COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558840131.0000000008DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DE0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8de0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: dbab4308ccbf906fdd424575ce73606fb026759d63c663b2c0ff0038fdd69797
                                                      • Instruction ID: 063ea78c6c47f285dbd9a3503d74deb93848847b90a81c79f3b0ec291cd8231e
                                                      • Opcode Fuzzy Hash: dbab4308ccbf906fdd424575ce73606fb026759d63c663b2c0ff0038fdd69797
                                                      • Instruction Fuzzy Hash: 5B90023145864C8B458027D578095B5775C96845267800055A60D525626E55745095A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB07F0 Relevance: .0, Instructions: 5COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: eaa641cb0c7b84a96705a467cc5787758d187f9f619847d38f402744a04805d7
                                                      • Instruction ID: cb0cf1c814feedafb23f56df8f91b83b90ea901d4b84965a9b1989dc4c503cf9
                                                      • Opcode Fuzzy Hash: eaa641cb0c7b84a96705a467cc5787758d187f9f619847d38f402744a04805d7
                                                      • Instruction Fuzzy Hash: 3790023106960C8B45402799780D5A9B76C95845157D04051A51D415139A656410E5A5
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 08DB07EF Relevance: .0, Instructions: 5COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1558609690.0000000008DB0000.00000040.00000800.00020000.00000000.sdmp, Offset: 08DB0000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_8db0000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 61a696a6b71f1c16087c9e2094e789a09bca258327781dafe6e677f75bc4606b
                                                      • Instruction ID: 74e822bbcfdf70372caaa02dace4e0be7f46ad406b6064bbbf1c26992ae79390
                                                      • Opcode Fuzzy Hash: 61a696a6b71f1c16087c9e2094e789a09bca258327781dafe6e677f75bc4606b
                                                      • Instruction Fuzzy Hash: 4FA0023106A5088B46402B94744D1E8BB3CD6845157904051E52D45513DA654512E691
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5F35F Relevance: .0, Instructions: 4COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: 1186c0348ef485fa2d0c7d25b2713fb8ea1c7ffd50461ef950e3f9189a0e21d3
                                                      • Instruction ID: 9c8b498d9e5f7195976ea9e3fec7c12da700c14ef2f91a1272e1d66eff67be7f
                                                      • Opcode Fuzzy Hash: 1186c0348ef485fa2d0c7d25b2713fb8ea1c7ffd50461ef950e3f9189a0e21d3
                                                      • Instruction Fuzzy Hash:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%

                                                      Function 0AA5FEF2 Relevance: .0, Instructions: 2COMMON
                                                      Download Yara Rule
                                                      Memory Dump Source
                                                      • Source File: 0000000A.00000002.1560892889.000000000AA50000.00000040.00000800.00020000.00000000.sdmp, Offset: 0AA50000, based on PE: false
                                                      Joe Sandbox IDA Plugin
                                                      • Snapshot File: hcaresult_10_2_aa50000_ZRbgEuSJYOgOl.jbxd
                                                      Similarity
                                                      • API ID:
                                                      • String ID:
                                                      • API String ID:
                                                      • Opcode ID: d209159d346f3944b1e71a24de8742da3bb8bd0ba8dcc816da6b0c0eb55a8d81
                                                      • Instruction ID: 06cdd577dfc0ea9e15e4a575bacf27aecbf35dbbd5955a855b9fefa73cc81b57
                                                      • Opcode Fuzzy Hash: d209159d346f3944b1e71a24de8742da3bb8bd0ba8dcc816da6b0c0eb55a8d81
                                                      • Instruction Fuzzy Hash:
                                                      Uniqueness

                                                      Uniqueness Score: -1.00%